Cryptology ePrint Archive: Report 2016/243

On the Key Dependent Message Security of the Fujisaki-Okamoto Constructions

Fuyuki Kitagawa and Takahiro Matsuda and Goichiro Hanaoka and Keisuke Tanaka

Abstract: In PKC 1999, Fujisaki and Okamoto showed how to convert any public key encryption (PKE) scheme secure against chosen plaintext attacks (CPA) to a PKE scheme which is secure against chosen ciphertext attacks (CCA) in the random oracle model. Surprisingly, the resulting CCA secure scheme has almost the same efficiency as the underlying CPA secure scheme. Moreover, in J. Cryptology 2013, they proposed the more efficient conversion by using the hybrid encryption framework. In this work, we clarify whether these two constructions are also secure in the sense of key dependent message security against chosen ciphertext attacks (KDM-CCA security), under exactly the same assumptions on the building blocks as those used by Fujisaki and Okamoto. Specifically, we show two results: Firstly, we show that the construction proposed in PKC 1999 does not satisfy KDM-CCA security generally. Secondly, on the other hand, we show that the construction proposed in J. Cryptology 2013 satisfies KDM-CCA security.

Category / Keywords: public-key cryptography / public key encryption, key dependent message security, chosen ciphertext security.

Original Publication (with major differences): IACR-PKC-2016

Date: received 4 Mar 2016

Contact author: kitagaw1 at is titech ac jp

Available format(s): PDF | BibTeX Citation

Version: 20160305:013423 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]