A New Randomness Extraction Paradigm for Hybrid Encryption

  • Eike Kiltz
  • Krzysztof Pietrzak
  • Martijn Stam
  • Moti Yung
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5479)

Abstract

We present a new approach to the design of IND-CCA2 secure hybrid encryption schemes in the standard model. Our approach provides an efficient generic transformation from 1-universal to 2-universal hash proof systems. The transformation involves a randomness extractor based on a 4-wise independent hash function as the key derivation function. Our methodology can be instantiated with efficient schemes based on standard intractability assumptions such as Decisional Diffie-Hellman, Quadratic Residuosity, and Paillier’s Decisional Composite Residuosity. Interestingly, our framework also allows to prove IND-CCA2 security of a hybrid version of 1991’s Damgård’s ElGamal public-key encryption scheme under the DDH assumption.

Keywords

Chosen-ciphertext security hybrid encryption randomness extraction hash proof systems ElGamal 

References

  1. 1.
    Choi, S.G., Herranz, J., Hofheinz, D., Hwang, J.Y., Kiltz, E., Lee, D.H., Yung, M.: The Kurosawa-Desmedt key encapsulation is not chosen-ciphertext secure. Information Processing Letters (to appear, 2009)Google Scholar
  2. 2.
    Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  3. 3.
    Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  4. 4.
    Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM Journal on Computing 33(1), 167–226 (2003)MathSciNetCrossRefMATHGoogle Scholar
  5. 5.
    Damgård, I.B.: Towards practical public key systems secure against chosen ciphertext attacks. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 445–456. Springer, Heidelberg (1992)Google Scholar
  6. 6.
    Damgård, I.B., Goldreich, O., Okamoto, T., Wigderson, A.: Honest verifier vs dishonest verifier in public coin zero-knowledge proofs. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 325–338. Springer, Heidelberg (1995)Google Scholar
  7. 7.
    Desmedt, Y., Lipmaa, H., Phan, D.H.: Hybrid Damgård is CCA1-secure under the DDH assumption. In: CANS 2008. LNCS, vol. 5339, pp. 18–30. Springer, Heidelberg (2008)Google Scholar
  8. 8.
    Desmedt, Y., Phan, D.H.: A CCA secure hybrid Damgårds ElGamal encryption. In: ProvSec 2008. LNCS, vol. 5324, pp. 68–82. Springer, Heidelberg (2008)Google Scholar
  9. 9.
    Dolev, D., Dwork, C., Naor, M.: Nonmalleable cryptography. SIAM Journal on Computing 30(2), 391–437 (2000)MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  11. 11.
    Gennaro, R., Shoup, V.: A note on an encryption scheme of Kurosawa and Desmedt. Cryptology ePrint Archive, Report 2004/194 (2004), http://eprint.iacr.org/
  12. 12.
    Gjøsteen, K.: A new security proof for Damgård’s ElGamal. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 150–158. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  13. 13.
    Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM Journal on Computing 28(4), 1364–1396 (1999)MathSciNetCrossRefMATHGoogle Scholar
  14. 14.
    Hofheinz, D., Kiltz, E.: Secure hybrid encryption from weakened key encapsulation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 553–571. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Hofheinz, D., Kiltz, E.: Practical chosen ciphertext secure encryption from factoring. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 313–332. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  16. 16.
    Kiltz, E., Pietrzak, K., Stam, M., Yung, M.: A new randomness extraction paradigm for hybrid encryption. Cryptology ePrint Archive, Report 2008/304 (2008), http://eprint.iacr.org/
  17. 17.
    Kurosawa, K., Desmedt, Y.G.: A new paradigm of hybrid encryption scheme. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 426–442. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  18. 18.
    Lipmaa, H.: On CCA1-Security of Elgamal and Damgård cryptosystems. Cryptology ePrint Archive, Report 2008/234 (2008), http://eprint.iacr.org/
  19. 19.
    Naor, M.: On cryptographic assumptions and challenges (invited talk). In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 96–109. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  20. 20.
    Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: 22nd ACM STOC. ACM Press, New York (1990)Google Scholar
  21. 21.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  22. 22.
    Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)Google Scholar
  23. 23.
    Shacham, H.: A Cramer-Shoup encryption scheme from the linear assumption and from progressively weaker linear variants. Cryptology ePrint Archive, Report 2007/074 (2007), http://eprint.iacr.org/
  24. 24.
    Shoup, V.: Using hash functions as a hedge against chosen ciphertext attack. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 275–288. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  25. 25.
    Tsiounis, Y., Yung, M.: On the security of ElGamal based encryption. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, pp. 117–134. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  26. 26.
    Wu, J., Stinson, D.R.: On the security of the ElGamal encryption scheme and Dåmgard’s variant. Cryptology ePrint Archive, Report 2008/200 (2008), http://eprint.iacr.org/

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Eike Kiltz
    • 1
  • Krzysztof Pietrzak
    • 1
  • Martijn Stam
    • 2
  • Moti Yung
    • 3
  1. 1.Cryptology & Information Security GroupCWI AmsterdamThe Netherlands
  2. 2.LACALEPFLSwitzerland
  3. 3.Google Inc. and Columbia UniversityUSA

Personalised recommendations