Paper 2006/267

Stateful Public-Key Cryptosystems: How to Encrypt with One 160-bit Exponentiation

Mihir Bellare, Tadayoshi Kohno, and Victor Shoup


We show how to significantly speed-up the encryption portion of some public-key cryptosystems by the simple expedient of allowing a sender to maintain state that is re-used across different encryptions. In particular we present stateful versions of the DHIES and Kurosawa-Desmedt schemes that each use only one exponentiation to encrypt, as opposed to two and three respectively in the original schemes, yielding the fastest discrete-log based public-key encryption schemes known in the random-oracle and standard models respectively. The schemes are proven to meet an appropriate extension of the standard definition of IND-CCA security that takes into account novel types of attacks possible in the stateful setting.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Preliminary version in ACM CCS 2006. This is the full version.
Contact author(s)
mihir @ cs ucsd edu
2006-08-12: revised
2006-08-12: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mihir Bellare and Tadayoshi Kohno and Victor Shoup},
      title = {Stateful Public-Key Cryptosystems: How to Encrypt with One 160-bit Exponentiation},
      howpublished = {Cryptology ePrint Archive, Paper 2006/267},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.