Hybrid Damgård Is CCA1-Secure under the DDH Assumption

  • Yvo Desmedt
  • Helger Lipmaa
  • Duong Hieu Phan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5339)


In 1991, Damgård proposed a simple public-key cryptosystem that he proved CCA1-secure under the Diffie-Hellman Knowledge assumption. Only in 2006, Gjøsteen proved its CCA1-security under a more standard but still new and strong assumption. The known CCA2-secure public-key cryptosystems are considerably more complicated. We propose a hybrid variant of Damgård’s public-key cryptosystem and show that it is CCA1-secure if the used symmetric cryptosystem is CPA-secure, the used MAC is unforgeable, the used key-derivation function is secure, and the underlying group is a DDH group. The new cryptosystem is the most efficient known CCA1-secure hybrid cryptosystem based on standard assumptions.


CCA1-security Damgård’s cryptosystem DDH hybrid cryptosystems 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [ABR01]
    Abdalla, M., Bellare, M., Rogaway, P.: The Oracle Diffie-Hellman Assumptions And An Analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143–158. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. [BP04]
    Bellare, M., Palacio, A.: Towards Plaintext-Aware Public-Key Encryption Without Random Oracles. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 48–62. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. [CS98]
    Cramer, R., Shoup, V.: A Practical Public Key Cryptosystem Provably Secure against Adaptive Chosen Ciphertext Attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  4. [CS04]
    Cramer, R., Shoup, V.: Design And Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack. SIAM Journal of Computing 33(1), 167–226 (2004)MathSciNetCrossRefMATHGoogle Scholar
  5. [Dam91]
    Damgård, I.: Towards Practical Public Key Systems Secure against Chosen Ciphertext Attacks. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 445–456. Springer, Heidelberg (1992)Google Scholar
  6. [DP08]
    Desmedt, Y., Phan, D.H.: A CCA Secure Hybrid Damgård’s ElGamal Encryption. In: Bao, F., Chen, K. (eds.) ProvSec 2008. LNCS, vol. 5324. Springer, Heidelberg (2008)Google Scholar
  7. [Elg85]
    Elgamal, T.: A Public Key Cryptosystem And A Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)MathSciNetCrossRefMATHGoogle Scholar
  8. [Gjø06]
    Gjøsteen, K.: A New Security Proof for Damgård’s ElGamal. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 150–158. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. [GS04]
    Gennaro, R., Shoup, V.: A Note on An Encryption Scheme of Kurosawa And Desmedt. Technical Report 2004/194, International Association for Cryptologic Research (August 10, 2004) (last revision May 18 2005), http://eprint.iacr.org/2004/194
  10. [HK07]
    Hofheinz, D., Kiltz, E.: Secure Hybrid Encryption from Weakened Key Encapsulation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 553–571. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. [KD04]
    Kurosawa, K., Desmedt, Y.: A New Paradigm of Hybrid Encryption Scheme. In: Franklin, M.K. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 426–442. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. [KPSY08]
    Kiltz, E., Pietrzak, K., Stam, M., Yung, M.: A New Randomness Extraction Paradigm for Hybrid Encryption. Technical Report 2008/304, International Association for Cryptologic Research (October 2008), http://eprint.iacr.org/2008/304
  13. [Lip08]
    Lipmaa, H.: On CCA1-Security of Elgamal And Damgård Cryptosystems. Technical Report 2008/234, International Association for Cryptologic Research (October 2008), http://eprint.iacr.org/2008/234
  14. [Sho00]
    Shoup, V.: Using Hash Functions as A Hedge against Chosen Ciphertext Attack. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 275–288. Springer, Heidelberg (2000)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Yvo Desmedt
    • 1
  • Helger Lipmaa
    • 2
  • Duong Hieu Phan
    • 3
  1. 1.University College LondonUK
  2. 2.Cybernetica ASEstonia
  3. 3.University of Paris 8France

Personalised recommendations