Cryptology ePrint Archive: Report 2016/094
Tightly CCA-Secure Encryption without Pairings
Romain Gay and Dennis Hofheinz and Eike Kiltz and Hoeteck Wee
Abstract: We present the first CCA-secure public-key encryption scheme based on DDH where the
security loss is independent of the number of challenge ciphertexts and the number of decryption queries.
Our construction extends also to the standard k-Lin assumption in pairing-free groups, whereas all prior
constructions starting with Hofheinz and Jager (Crypto ’12) rely on the use of pairings. Moreover, our
construction improves upon the concrete efficiency of existing schemes, reducing the ciphertext overhead
by about half (to only 3 group elements under DDH), in addition to eliminating the use of pairings.
We also show how to use our techniques in the NIZK setting. Specifically, we construct the first tightly
simulation-sound designated-verifier NIZK for linear languages without pairings. Using pairings, we can
turn our construction into a highly optimized publicly verifiable NIZK with tight simulation-soundness.
Category / Keywords: public-key encryption, CCA security, tightness
Original Publication (with major differences): IACR-EUROCRYPT-2016
Date: received 2 Feb 2016, last revised 2 May 2016
Contact author: rgay at di ens fr
Available format(s): PDF | BibTeX Citation
Version: 20160502:080826 (All versions of this report)
Short URL: ia.cr/2016/094
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]