eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

Paper 2016/094

Tightly CCA-Secure Encryption without Pairings

Romain Gay, Dennis Hofheinz, Eike Kiltz, and Hoeteck Wee


We present the first CCA-secure public-key encryption scheme based on DDH where the security loss is independent of the number of challenge ciphertexts and the number of decryption queries. Our construction extends also to the standard k-Lin assumption in pairing-free groups, whereas all prior constructions starting with Hofheinz and Jager (Crypto ’12) rely on the use of pairings. Moreover, our construction improves upon the concrete efficiency of existing schemes, reducing the ciphertext overhead by about half (to only 3 group elements under DDH), in addition to eliminating the use of pairings. We also show how to use our techniques in the NIZK setting. Specifically, we construct the first tightly simulation-sound designated-verifier NIZK for linear languages without pairings. Using pairings, we can turn our construction into a highly optimized publicly verifiable NIZK with tight simulation-soundness.

Available format(s)
Publication info
A major revision of an IACR publication in EUROCRYPT 2016
public-key encryptionCCA securitytightness
Contact author(s)
rgay @ di ens fr
2016-05-02: last of 8 revisions
2016-02-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Romain Gay and Dennis Hofheinz and Eike Kiltz and Hoeteck Wee},
      title = {Tightly CCA-Secure Encryption without Pairings},
      howpublished = {Cryptology ePrint Archive, Paper 2016/094},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/094}},
      url = {https://eprint.iacr.org/2016/094}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.