Paper 2015/649

On the Hardness of Proving CCA-security of Signed ElGamal

David Bernhard, Marc Fischlin, and Bogdan Warinschi

Abstract

The well-known Signed ElGamal scheme consists of ElGamal encryption with a non-interactive Schnorr proof of knowledge. While this scheme should be intuitively secure against chosen-ciphertext attacks in the random oracle model, its security has not yet been proven nor disproven so far, without relying on further non-standard assumptions like the generic group model. Currently, the best known positive result is that Signed ElGamal is non-malleable under chosen-plaintext attacks. In this paper we provide evidence that Signed ElGamal may not be CCA secure in the random oracle model. That is, building on previous work of Shoup and Gennaro (Eurocrypt’98), Seurin and Treger (CT-RSA 2013), and Bernhard et al. (PKC 2015), we exclude a large class of potential reductions that could be used to establish CCA security of the scheme.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint. MINOR revision.
Keywords
proofs of knowledgesigma protocolsfiat-shamirsigned elgamal
Contact author(s)
bernhard @ cs bris ac uk
History
2015-07-01: received
Short URL
https://ia.cr/2015/649
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2015/649,
      author = {David Bernhard and Marc Fischlin and Bogdan Warinschi},
      title = {On the Hardness of Proving {CCA}-security of Signed {ElGamal}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/649},
      year = {2015},
      url = {https://eprint.iacr.org/2015/649}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.