Paper 2002/011

Optimal Chosen-Ciphertext Secure Encryption of Arbitrary-Length Messages

Jean-Sebastien Coron, Helena Handschuh, Marc Joye, Pascal Paillier, David Pointcheval, and Christophe Tymen


This paper considers arbitrary-length chosen-ciphertext secure asymmetric encryption, thus addressing what is actually needed for a practical usage of strong public-key cryptography in the real world. We put forward two generic constructions, gem-1 and gem-2, which apply to explicit fixed-length weakly secure primitives and provide a strongly secure (IND-CCA2) public-key encryption scheme for messages of unfixed length (typically computer files). Our techniques optimally combine a single call to any one-way trapdoor function with repeated encryptions through some weak block-cipher (a simple xor is fine) and hash functions of fixed-length input so that a minimal number of calls to these functions is needed. Our encryption/decryption throughputs are comparable to the ones of standard methods (asymmetric encryption of a session key + symmetric encryption with multiple modes). In our case, however, we formally prove that our designs are secure in the strongest sense and provide complete security reductions holding in the random oracle model.

Note: An extended abstract was published in Public Key Conference PKC 2002. This is the complete work (all proofs are included).

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Extended Abstract published in Public Key Conference PKC 2002
Contact author(s)
pascal paillier @ gemplus com
2002-01-26: received
Short URL
Creative Commons Attribution


      author = {Jean-Sebastien Coron and Helena Handschuh and Marc Joye and Pascal Paillier and David Pointcheval and Christophe Tymen},
      title = {Optimal Chosen-Ciphertext Secure Encryption of Arbitrary-Length Messages},
      howpublished = {Cryptology ePrint Archive, Paper 2002/011},
      year = {2002},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.