# Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks

@inproceedings{Damgrd1991TowardsPP, title={Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks}, author={Ivan Damg{\aa}rd}, booktitle={CRYPTO}, year={1991} }

We present two efficient constructions aimed at making public key systems secure against chosen ciphertext attacks. The first one applies to any deterministic public key system and modifies it into a system that is provably as hard to break under a passive attack as the original one, but has the potential of making a chosen ciphertext attack useless to an enemy. The second construction applies to the El Gamal/Diffie-Hellman public key system. Again, the modified system is provably as hard to…

## 378 Citations

How to Enhance the Security of Public-Key Encryption at Minimum Cost

- Computer Science
- Public Key Cryptography
- 1999

This paper presents a simple and efficient conversion from a semantically secure public-key encryption scheme against passive adversaries to a non-malleable (or semantically secure) public-key…

Practical Approaches to Attaining Security Against Adaptively Chosen Ciphertext Attacks (Extended Abstract)

- Computer Science
- CRYPTO
- 1992

This paper presents three methods for strengthening public key cryptosystems in such a way that they become secure against adaptively chosen ciphertext attacks, based on the use of one-way hash functions, universal hash functions and the use of digital signature schemes.

An Efficient Public Key Cryptosystem Secure Against Chosen Ciphertext Attack

- Computer Science
- ICISS
- 2006

The main advantage of the schemes is that they employ a problem equivalent to the well-studied RSA problem, and thus the resulting schemes are as secure as the RSA system.

Immunizing Public Key Cryptosystems Against Chosen Ciphertext Attacks

- Computer Science
- IEEE J. Sel. Areas Commun.
- 1993

Three methods for strengthening public key cryptosystems in such a way that they become secure against adaptively chosen ciphertext attacks are presented and security of the three example cryptosystems is formally proved.

Another Method for Attaining Security Against Adaptively Chosen Ciphertext Attacks

- Mathematics, Computer Science
- CRYPTO
- 1993

A new method for immunizing public key cryptosystems against adaptively chosen ciphertext attacks, where the deciphering algorithm first checks that the ciphertext is legitimate and then outputs the matching plaintext only when the check is successful.

Securing Threshold Cryptosystems against Chosen Ciphertext Attack

- Computer Science
- Journal of Cryptology
- 2001

This paper presents two very practical threshold cryptosystems and proves that they are secure against chosen ciphertext attack in the random oracle model, and not only are these protocols computationally very efficient, but they are also non-interactive, which means they can be easily run over an asynchronous communication network.

Cryptanalysis of the Immunized LL Public Key Systems

- Mathematics, Computer Science
- CRYPTO
- 1995

This paper demonstrates that the RSA based scheme is insecure under an adaptive chosen ciphertext attack, and point weaknesses in the design of both their RSA and El Gamal based schemes regarding the use of pseudorandom-generators.

A New Security Definition for Public Key Encryption Schemes and Its Applications

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2007

A slightly weaker version of IND-CCA is proposed, which requires ciphertexts of two randomly selected messages are indistinguishable under chosen ciphertext attacks, and it is shown that highly efficient schemes proven secure in the standard model can be built in a straightforward way.

A Study on Efficient Identification Schemes Secure against Concurrent Man-in-the-Middle Attacks

- Computer Science
- 2012

The ID schemes obtained from the proposed generic conversion from a KEM to an ID scheme are cMiM secure and show the highest efficiency in both computational amount and message length as compared with previously known cMiM secure ID schemes.

Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack

- Computer Science, Mathematics
- SIAM J. Comput.
- 2003

A new public-key encryption scheme, along with several variants, is proposed and analyzed that appear to be the first public-key encryption schemes in the literature that are simultaneously practical and provably secure.

## References

Public-key cryptosystems provably secure against chosen ciphertext attacks

- Mathematics, Computer Science
- STOC '90
- 1990

We show how to construct a public-key cryptosystem (as originally defined by Diffie and Hellman) secure against chosen ciphertext attacks, given a public-key cryptosystem secure against passive…

An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information

- Mathematics, Computer Science
- CRYPTO
- 1984

This paper introduces the first probabilistic public-key encryption scheme which combines the following two properties: perfect secrecy with respect to polynomial time eavesdroppers and effectiveness in both encoding and decoding time and bandwidth expansion.

Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack

- Mathematics, Computer Science
- CRYPTO
- 1991

A formalization of chosen ciphertext attack is given in the model which is stronger than the "lunchtime attack" considered by Naor and Yung, and it is proved a non-interactive public-key cryptosystem based on non-interactive zero-knowledge proof of knowledge to be secure against it.

A public key cryptosystem and a signature scheme based on discrete logarithms

- Mathematics
- CRYPTO 1985
- 1985

A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the…

A "Paradoxical" Solution to the Signature Problem (Abstract)

- Mathematics, Computer Science
- CRYPTO
- 1984

A general signature scheme which uses any pair of trap-door permutations for which it is infeasible to find any x, y with f0(x) = f1(y) and possesses the novel property of being robust against an adaptive chosen message attack.

Diffie-Hellman is as Strong as Discrete Log for Certain Primes

- Mathematics, Computer Science
- CRYPTO
- 1988

It is proven that both the discrete log problem and the Diffie-Hellman key exchange scheme are (probabilistically) polynomial-time equivalent if the totient of P-1 has only small prime factors with respect to a (fixed) polynomial in 2logP.

On the Composition of Zero-Knowledge Proof Systems

- Mathematics, Computer Science
- ICALP
- 1990

A basic question concerning zero-knowledge proof systems is whether their (sequential and/or parallel) composition is zero-knowledge too. This question is not only of natural theoretical interest,…

Zero-knowledge proofs of identity

- Mathematics, Computer Science
- Journal of Cryptology
- 2006

This paper defines the definition of unrestricted input zero-knowledge proofs of knowledge in which the prover demonstrates possession of knowledge without revealing any computational information whatsoever (not even the one bit revealed in zero-knowledge proofs of assertions).