A new and improved paradigm for hybrid encryption secure against chosen-ciphertext attack (Q2267360): Difference between revisions

A hybrid encryption scheme [\textit{V. Shoup}, EUROCRYPT 2000. 19th international conference on the theory and application of cryptographic techniques, Bruges, Belgium, May 14--18, 2000. Proceedings. Berlin: Springer. Lect. Notes Comput. Sci. 1807, 275--288 (2000; Zbl 1082.94530)] works in two steps: first using public-key encryption techniques a shared key between sender and receiver is determined, next, this key is used to encrypt the actual message via symmetric-key techniques. If each of the parts of the hybrid cryptosystem is chosen-ciphertext secure, then the resulting hybrid system also is. This paper presents a modification of the above scheme. Combining two separate results from [http://eprint.iacr.org/2004/194] and [\textit{K. Kurosawa, Y. Desmedt}, Advances in cryptology -- CRYPTO 2004. 24th annual international cryptology conference, Santa Barbara, California, USA, August 15--19, 2004. Proceedings. Berlin: Springer. Lecture Notes in Computer Science 3152, 426--442 (2004; Zbl 1104.94028)] the scheme that saves the computation of one exponentiation and produces shorter ciphertexts has been obtained. This scheme is secure against adaptive chosen-ciphertext attack for all that its first part is not. It has been shown that: (i) the security holds also if projective hash families (as in [\textit{J. F. Martinez-Trinidad, J. Ruiz-Shulcloper}, Pattern Recognition 34, No.4, 783-793 (2001; Zbl 0969.68067)]) are used; (ii) in the random oracle model the security under the weaker computational Diffie-Hellman assumption can be proved.