Reducing Public Key Sizes in Bounded CCA-Secure KEMs with Optimal Ciphertext Length

  • Takashi Yamakawa (corresponding author)
  • Shota Yamada
  • Takahiro Matsuda
  • Goichiro Hanaoka
  • Noboru Kunihiro
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7807)


Chosen-ciphertext attack (CCA) security is currently regarded as the de facto standard security notion for public key encryption (PKE), and a number of CCA-secure schemes have been proposed. However, CCA-secure PKE schemes are generally less efficient than schemes that only meet weaker notions such as chosen-plaintext attack (CPA) security; the extra cost is the price of the stronger guarantee. Surprisingly, Cramer et al. (Asiacrypt 2007) demonstrated that under the decisional Diffie-Hellman assumption one can construct a PKE scheme that achieves (i) bounded CCA (BCCA) security, in which the adversary is limited to an a priori bounded number q of decryption queries and which is therefore only slightly weaker than full CCA security, and (ii) a ciphertext overhead of a single group element, which is optimal.

In this paper, we propose two new BCCA-secure PKE schemes with optimal ciphertext length whose security rests on computational rather than decisional assumptions and whose public keys are shorter than (or at least comparable to) those of Cramer et al. Our first scheme is based on the computational bilinear Diffie-Hellman (CBDH) assumption and has public keys of \(O(\lambda q)\) group elements; our second scheme is based on the factoring assumption and has public keys of \(O(\lambda q^2)\) group elements. For comparison, a public key in Cramer et al.'s scheme consists of \(O(\lambda q^2)\) group elements. Here \(\lambda\) is the security parameter and q is the bound on the number of decryption queries. Moreover, our second scheme is the first PKE scheme that is BCCA-secure under the factoring assumption and achieves optimal ciphertext overhead.


Keywords: Bounded CCA security; Factoring; CBDH assumption



Acknowledgments. The authors would like to thank the members of the study group "Shin-Akarui-Angou-Benkyou-Kai".


References

  1. Blum, L., Blum, M., Shub, M.: A simple unpredictable pseudo-random number generator. SIAM J. Comput. 15(2), 364–383 (1986)
  2. Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: STOC, pp. 103–112 (1988)
  3. Cramer, R., Hanaoka, G., Hofheinz, D., Imai, H., Kiltz, E., Pass, R., Shelat, A., Vaikuntanathan, V.: Bounded CCA2-secure encryption. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 502–518. Springer, Heidelberg (2007)
  4. Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes. SIAM J. Comput. 33(1), 167–226 (2003)
  5. Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography (extended abstract). In: STOC, pp. 542–552 (1991)
  6. Erdös, P.L., Frankl, P., Füredi, Z.: Families of finite sets in which no set is covered by the union of two others. J. Comb. Theory Ser. A 33(2), 158–166 (1982)
  7. Erdös, P.L., Frankl, P., Füredi, Z.: Families of finite sets in which no set is covered by the union of \(r\) others. Isr. J. Math. 51, 79–89 (1985)
  8. Galbraith, S.D., Hopkins, H.J., Shparlinski, I.E.: Secure bilinear Diffie-Hellman bits. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 370–378. Springer, Heidelberg (2004)
  9. Hanaoka, G., Matsuda, T., Schuldt, J.C.N.: On the impossibility of constructing efficient key encapsulation and programmable hash functions in prime order groups. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 812–831. Springer, Heidelberg (2012)
  10. Haralambiev, K., Jager, T., Kiltz, E., Shoup, V.: Simple and efficient public-key encryption from computational Diffie-Hellman in the standard model. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 1–18. Springer, Heidelberg (2010)
  11. Hofheinz, D., Kiltz, E.: The group of signed quadratic residues and applications. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 637–653. Springer, Heidelberg (2009)
  12. Hofheinz, D., Kiltz, E.: Practical chosen ciphertext secure encryption from factoring. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 313–332. Springer, Heidelberg (2009)
  13. Hohenberger, S., Lewko, A., Waters, B.: Detecting dangerous queries: a new approach for chosen ciphertext security. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 663–681. Springer, Heidelberg (2012)
  14. Mei, Q., Li, B., Lu, X., Jia, D.: Chosen ciphertext secure encryption under factoring assumption revisited. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 210–227. Springer, Heidelberg (2011)
  15. Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: STOC, pp. 427–437 (1990)
  16. Pereira, M., Dowsley, R., Hanaoka, G., Nascimento, A.C.A.: Public key encryption schemes with bounded CCA security and optimal ciphertext length based on the CDH assumption. In: Burmester, M., Tsudik, G., Magliveras, S., Ilic, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 299–306. Springer, Heidelberg (2011)
  17. Shmuely, Z.: Composite Diffie-Hellman public-key generating systems are hard to break. Technical report 356, Computer Science Department, Technion, Israel (1985)
  18. Yamada, S., Hanaoka, G., Kunihiro, N.: Two-dimensional representation of cover free families and its applications: short signatures and more. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 260–277. Springer, Heidelberg (2012)
  19. Yamada, S., Kawai, Y., Hanaoka, G., Kunihiro, N.: Public key encryption schemes from the (B)CDH assumption with better efficiency. IEICE Trans. 93–A(11), 1984–1993 (2010)

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Takashi Yamakawa (1, 2; corresponding author)
  • Shota Yamada (1)
  • Takahiro Matsuda (1)
  • Goichiro Hanaoka (1)
  • Noboru Kunihiro (2)

  1. National Institute of Advanced Industrial Science and Technology (AIST), Tokyo, Japan
  2. The University of Tokyo, Tokyo, Japan
