Compact CCA-Secure Encryption for Messages of Arbitrary Length
- Cite this paper as:
- Abe M., Kiltz E., Okamoto T. (2009) Compact CCA-Secure Encryption for Messages of Arbitrary Length. In: Jarecki S., Tsudik G. (eds) Public Key Cryptography – PKC 2009. PKC 2009. Lecture Notes in Computer Science, vol 5443. Springer, Berlin, Heidelberg
This paper proposes a chosen-ciphertext secure variant of the ElGamal public-key encryption scheme which generates very compact ciphertexts for messages of arbitrarylength. The ciphertext overhead (i.e., the difference between ciphertext and plaintext) is one group element only. Such a property is particularly useful when encrypting short messages such as a PIN or a credit card number in bandwidth-critical environments. On top of the compact overhead, the computational cost for encryption and decryption are almost the same as plain ElGamal encryption. The security is proven based on the strong Diffie-Hellman assumption in the random oracle model.