Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack.

*(English)* Zbl 1045.94013

A new public-key encryption scheme and its variants are presented, and their security against adaptive chosen ciphertext attack is proved.

The article is divided into two parts. In the first part, the necessary definitions are presented. Then the basic version of the new encryption scheme, along with two variants, based on the decisional Diffie-Hellman assumption, is introduced, and their security against adaptive chosen ciphertext attack is proved. Another scheme is presented and analyzed which is somewhat less efficient, but does not depend on a target resistant hash function. Both schemes and their variants have two drawbacks: the plaintexts have to be encoded as group elements, which can restrict the use of the schemes; and they depend on the decisional Diffie-Hellman assumption, so that if it is false they can be trivially broken.

The second part formalizes the notion of hybrid encryption, which uses public-key techniques to derive a shared key that is then used to encrypt the actual message using standard symmetric-key techniques, and employs it to eliminate the disadvantages of the basic scheme.

In their analysis, the authors concentrate only on the public-key part of the hybrid encryption scheme – on the problem of constructing a secure encapsulation mechanism. They introduce and analyze a new key encapsulation mechanism and two of its variants, and prove their security under the decisional Diffie-Hellman assumption. They also show that the second variant of the scheme is at least as secure as a more traditional key encapsulation mechanism based on the ElGamal scheme. Finally, they show that the particular scheme is secure in the random oracle model under the weaker computational Diffie-Hellman assumption.


Reviewer: Lenka Fibikova (Sauerlach)
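
Added example, not taken from the reviewed article or from this review: a sketch of hybrid encryption in which a key encapsulation mechanism with a Cramer-Shoup-style ciphertext validity check derives the key for a symmetric, authenticated encryption of arbitrary bytes. The toy group (`P`, `Q`, `G1`, `G2`), the SHA-256, SHAKE-256 and HMAC stand-ins, and all function names are assumptions chosen here.

```python
import hashlib, hmac, secrets

# Constructed toy group (assumption): P = 2Q + 1, G1 and G2 have order Q. Not a secure size.
P, Q, G1, G2 = 2579, 1289, 4, 9

def _h(*parts):
    return hashlib.sha256("|".join(map(str, parts)).encode()).digest()
def _alpha(u1, u2):
    return int.from_bytes(_h("tag", u1, u2), "big") % Q

def keygen():
    x1, x2, y1, y2, z = (secrets.randbelow(Q) for _ in range(5))
    c = pow(G1, x1, P) * pow(G2, x2, P) % P
    d = pow(G1, y1, P) * pow(G2, y2, P) % P
    return (c, d, pow(G1, z, P)), (x1, x2, y1, y2, z)

def encapsulate(pk):
    c, d, h = pk
    r = secrets.randbelow(Q)
    u1, u2 = pow(G1, r, P), pow(G2, r, P)
    v = pow(c, r, P) * pow(d, r * _alpha(u1, u2), P) % P
    return (u1, u2, v), _h("key", u1, pow(h, r, P))

def decapsulate(sk, ct):
    x1, x2, y1, y2, z = sk
    u1, u2, v = ct
    # Reject anything that is not an element of the order-Q subgroup.
    if any(not (0 < t < P) or pow(t, Q, P) != 1 for t in ct):
        return None
    a = _alpha(u1, u2)
    if pow(u1, (x1 + y1 * a) % Q, P) * pow(u2, (x2 + y2 * a) % Q, P) % P != v:
        return None  # validity check failed: ciphertext was not honestly formed
    return _h("key", u1, pow(u1, z, P))

def seal(pk, message):
    # Hybrid step: the encapsulated key drives a keystream plus a MAC over the body.
    ct, key = encapsulate(pk)
    pad = hashlib.shake_256(key).digest(32 + len(message))
    body = bytes(m ^ s for m, s in zip(message, pad[32:]))
    return ct, body, hmac.new(pad[:32], body, "sha256").digest()

def open_sealed(sk, sealed):
    ct, body, tag = sealed
    key = decapsulate(sk, ct)
    if key is None:
        return None
    pad = hashlib.shake_256(key).digest(32 + len(body))
    if not hmac.compare_digest(tag, hmac.new(pad[:32], body, "sha256").digest()):
        return None
    return bytes(b ^ s for b, s in zip(body, pad[32:]))
```

The message never has to be encoded as a group element, and a modified encapsulation or body is rejected before any plaintext is released.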