On the CCA1-Security of Elgamal and Damgård’s Elgamal

  • Helger Lipmaa
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6584)


It is known that there exists a reduction from the CCA1-security of Damgård’s Elgamal (DEG) cryptosystem to what we call the \(\textrm{ddh}^{\textrm{dsdh}}\) assumption. We show that \(\textrm{ddh}^{\textrm{dsdh}}\) is unnecessary for DEG-CCA1, while DDH is insufficient for DEG-CCA1. We also show that CCA1-security of the Elgamal cryptosystem is equivalent to another assumption \(\textrm{ddh}^{\textrm{csdh}}\), while we show that \(\textrm{ddh}^{\textrm{dsdh}}\) is insufficient for Elgamal’s CCA1-security. Finally, we prove a generic-group model lower bound \(\Omega (\sqrt[3]{q})\) for the hardest considered assumption \(\textrm{ddh}^{\textrm{csdh}}\), where \(q\) is the largest prime factor of the group order.


Keywords: CCA1-security, DEG cryptosystem, Elgamal cryptosystem, generic group model, irreduction





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Helger Lipmaa (1, 2)
  1. Cybernetica AS, Estonia
  2. Tallinn University, Estonia
