Helger Lipmaa's publications

Hybrid Damgård Is CCA1-Secure under The DDH Assumption

Yvo Desmedt, Helger Lipmaa and Duong Hieu Phan. Hybrid Damgård Is CCA1-Secure under The DDH Assumption. In Matthew K. Franklin, Lucas Chi Kwong Hui and Duncan S. Wong, editors, The 7th International Conference on Cryptology And Network Security (CANS 2008), volume 5339 of Lecture Notes in Computer Science, pages 18--30, Hong Kong, China, December 2--4, 2008. Springer, Heidelberg.

File: [.pdf (232 KB)] pdf recommended.


In 1991, Damgård proposed a simple public-key cryptosystem that he proved CCA1-secure under the Diffie-Hellman Knowledge assumption. Only in 2006, Gjøsteen proved its CCA1-security under a more standard but still new and strong assumption. The known CCA2-secure public-key cryptosystems are considerably more complicated. We propose a hybrid variant of Damg°ard's public key cryptosystem and show that it is CCA1-secure if the used symmetric cryptosystem is CPA-secure, the used MAC is unforgeable, the used key-derivation function is secure, and the underlying group is a DDH group. The new cryptosystem is the most efficient known CCA1-secure hybrid cryptosystem based on standard assumptions..

Keywords: CCA1-security, Damgård's cryptosystem, DDH, hybrid cryptosystems.


Page by Helger Lipmaa. Send your inqueries to <helger.lipmaa><at>gmail.com.