Paper 2008/211

Efficient Chosen Ciphertext Secure Public Key Encryption under the Computational Diffie-Hellman Assumption

Goichiro Hanaoka and Kaoru Kurosawa


Recently Cash, Kiltz, and Shoup showed a variant of the Cramer-Shoup (CS) public key encryption (PKE) scheme whose chosen-ciphertext (CCA) security relies on the computational Diffie-Hellman (CDH) assumption. The cost for this high security is that the size of ciphertexts is much longer than the CS scheme. In this paper, we show how to achieve CCAsecurity under the CDH assumption without increasing the size of ciphertexts. We further show a more efficient scheme under the hashed Diffie-Hellman (HDH) assumption such that the size of ciphertexts is the same as that of the Kurosawa-Desmedt (KD) scheme. Note that the CDH and HDH assumptions are weaker than the decisional Diffie-Hellman assumption which the CS and KD schemes rely on. Both of our schemes are based on a certain broadcast encryption (BE) scheme while the Cash-Kiltz-Shoup scheme is based on a different paradigm which is called the Twin DH problem. As an independent interest, we also show a generic method of constructing CCA-secure PKE schemes from BE schemes such that the existing CCA-secure constructions can be viewed as special cases.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
public key encryptionCCA securitythe CDH assumption
Contact author(s)
hanaoka-goichiro @ aist go jp
2008-06-02: revised
2008-05-21: received
See all versions
Short URL
Creative Commons Attribution


      author = {Goichiro Hanaoka and Kaoru Kurosawa},
      title = {Efficient Chosen Ciphertext Secure Public Key Encryption under the Computational Diffie-Hellman Assumption},
      howpublished = {Cryptology ePrint Archive, Paper 2008/211},
      year = {2008},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.