Cryptology ePrint Archive: Report 2001/071

Multi-Recipient Public-Key Encryption with Shortened Ciphertext

Kaoru Kurosawa

Abstract: In the trivial $n$-recipient public-key encryption scheme, a ciphertext is a concatenation of independently encrypted messages for $n$ recipients. In this paper, we say that an $n$-recipient scheme has a ``{\it shortened ciphertext}'' property if the length of the ciphertext is almost a half (or less) of the trivial scheme and the security is still almost the same as the underlying single-recipient scheme. We first present (multi-plaintext, multi-recipient) schemes with the ``{\it shortened ciphertext}'' property for ElGamal scheme and Cramer-Shoup scheme. We next show (single-plaintext, multi-recipient) hybrid encryption schemes with the ``{\it shortened ciphertext}'' property.

Category / Keywords: public-key cryptography / public-key cryptography, multi-user setting

Date: received 21 Aug 2001, last revised 15 Jan 2002

Contact author: kurosawa at cis ibaraki ac jp

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Note: This paper has been accepted by PKC'2002. A previous version was revised according to the reviewers' comments.

Version: 20020115:080203 (All versions of this report)

Short URL: ia.cr/2001/071

Discussion forum: Show discussion | Start new discussion