# Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks

@inproceedings{Damgrd1991TowardsPP, title={Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks}, author={Ivan Damg{\aa}rd}, booktitle={CRYPTO}, year={1991} }

We present two efficient constructions aimed at making public key systems secure against chosen ciphertext attacks. The first one applies to any deterministic public key system and modifies it into a system that is provably as hard to break under a passive attack as the original one, but has the potential of making a chosen ciphertext attack useless to an enemy. The second construction applies to the El Gamal/Diffie-Hellman public key system. Again, the modified system is provably as hard to…

#### 375 Citations

Practical Approaches to Attaining Security Against Adaptively Chosen Ciphertext Attacks (Extended Abstract)

- Computer Science
- CRYPTO
- 1992

This paper presents three methods for strengthening public key cryptosystems in such a way that they become secure against adaptively chosen ciphertext attacks, based on the use of one-way hash functions, universal hash functions and the use of digital signature schemes.

How to Enhance the Security of Public-Key Encryption at Minimum Cost

- Computer Science
- Public Key Cryptography
- 1999

This paper presents a simple and efficient conversion from a semantically secure public-key encryption scheme against passive adversaries to a non-malleable (or semantically secure) public-key…

An Efficient Public Key Cryptosystem Secure Against Chosen Ciphertext Attack

- Computer Science
- ICISS
- 2006

The main advantage of the schemes is that they employ a problem equivalent to the well-studied RSA problem, and thus the resulting schemes are as secure as the RSA system.

Immunizing Public Key Cryptosystems Against Chosen Ciphertext Attacks

- Computer Science
- IEEE J. Sel. Areas Commun.
- 1993

Three methods for strengthening public key cryptosystems in such a way that they become secure against adaptively chosen ciphertext attacks are presented, and security of the three example cryptosystems is formally proved.

Another Method for Attaining Security Against Adaptively Chosen Ciphertext Attacks

- Mathematics, Computer Science
- CRYPTO
- 1993

A new method for immunizing public key cryptosystems against adaptively chosen ciphertext attacks, where the deciphering algorithm first checks that the ciphertext is legitimate and then outputs the matching plaintext only when the check is successful.

Securing Threshold Cryptosystems against Chosen Ciphertext Attack

- Computer Science
- Journal of Cryptology
- 2001

This paper presents two very practical threshold cryptosystems and proves that they are secure against chosen ciphertext attack in the random oracle model, and not only are these protocols computationally very efficient, but they are also non-interactive, which means they can be easily run over an asynchronous communication network.

Cryptanalysis of the Immunized LL Public Key Systems

- Mathematics, Computer Science
- CRYPTO
- 1995

This paper demonstrates that the RSA based scheme is insecure under an adaptive chosen ciphertext attack, and points out weaknesses in the design of both their RSA and El Gamal based schemes regarding the use of pseudorandom generators.

A New Security Definition for Public Key Encryption Schemes and Its Applications

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2007

A slightly weaker version of IND-CCA is proposed, which requires that ciphertexts of two randomly selected messages be indistinguishable under chosen ciphertext attacks, and it is shown that highly efficient schemes proven secure in the standard model can be built in a straightforward way.

A Study on Efficient Identification Schemes Secure against Concurrent Man-in-the-Middle Attacks

- Computer Science
- 2012

The ID schemes obtained from the proposed generic conversion from a KEM to an ID scheme are cMiM secure and show the highest efficiency in both computational amount and message length as compared with previously known cMiM secure ID schemes.

Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack

- Computer Science, Mathematics
- SIAM J. Comput.
- 2003

A new public-key encryption scheme, along with several variants, is proposed and analyzed; these appear to be the first public-key encryption schemes in the literature that are simultaneously practical and provably secure.

#### References

Public-key cryptosystems provably secure against chosen ciphertext attacks

- Mathematics, Computer Science
- STOC '90
- 1990

We show how to construct a public-key cryptosystem (as originally defined by Diffie and Hellman) secure against chosen ciphertext attacks, given a public-key cryptosystem secure against passive…

An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information

- Mathematics, Computer Science
- CRYPTO
- 1984

This paper introduces the first probabilistic public-key encryption scheme which combines the following two properties: perfect secrecy with respect to polynomial time eavesdroppers and effectiveness in both encoding and decoding time and bandwidth expansion.

Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack

- Mathematics, Computer Science
- CRYPTO
- 1991

A formalization of chosen ciphertext attack is given in a model which is stronger than the "lunchtime attack" considered by Naor and Yung, and a non-interactive public-key cryptosystem based on non-interactive zero-knowledge proof of knowledge is proved to be secure against it.

A public key cryptosystem and a signature scheme based on discrete logarithms

- Mathematics
- CRYPTO 1985
- 1985

A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the…

A "Paradoxical" Solution to the Signature Problem (Abstract)

- Mathematics, Computer Science
- CRYPTO
- 1984

A general signature scheme which uses any pair of trap-door permutations for which it is infeasible to find any x, y with f0(x) = f1(y) and possesses the novel property of being robust against an adaptive chosen message attack.

Diffie-Hellman is as Strong as Discrete Log for Certain Primes

- Mathematics, Computer Science
- CRYPTO
- 1988

It is proven that both the discrete log problem and the Diffie-Hellman key exchange scheme are (probabilistically) polynomial-time equivalent if the totient of P-1 has only small prime factors with respect to a (fixed) polynomial in 2logP.

On the Composition of Zero-Knowledge Proof Systems

- Mathematics, Computer Science
- ICALP
- 1990

A basic question concerning zero-knowledge proof systems is whether their (sequential and/or parallel) composition is zero-knowledge too. This question is not only of natural theoretical interest,…

Zero-knowledge proofs of identity

- Mathematics, Computer Science
- Journal of Cryptology
- 2006

This paper defines the definition of unrestricted input zero-knowledge proofs of knowledge in which the prover demonstrates possession of knowledge without revealing any computational information whatsoever (not even the one bit revealed in zero-knowledge proofs of assertions).