Cryptology ePrint Archive: Report 2016/094

Tightly CCA-Secure Encryption without Pairings

Romain Gay and Dennis Hofheinz and Eike Kiltz and Hoeteck Wee

Abstract: We present the first CCA-secure public-key encryption scheme based on DDH where the security loss is independent of the number of challenge ciphertexts and the number of decryption queries. Our construction extends also to the standard k-Lin assumption in pairing-free groups, whereas all prior constructions starting with Hofheinz and Jager (Crypto 12) rely on the use of pairings. Moreover, our construction improves upon the concrete efficiency of existing schemes, reducing the ciphertext overhead by about half (to only 3 group elements under DDH), in addition to eliminating the use of pairings. We also show how to use our techniques in the NIZK setting. Specifically, we construct the first tightly simulation-sound designated-verifier NIZK for linear languages without pairings. Using pairings, we can turn our construction into a highly optimized publicly verifiable NIZK with tight simulation-soundness.

Category / Keywords: public-key encryption, CCA security, tightness

Original Publication (with major differences): IACR-EUROCRYPT-2016

Date: received 2 Feb 2016, last revised 2 May 2016

Contact author: rgay at di ens fr

Available format(s): PDF | BibTeX Citation

Version: 20160502:080826 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]