A CCA Secure Hybrid Damgård's ElGamal Encryption

Yvo Desmedt, Helger Lipmaa and Duong Hieu Phan

Abstract: In 1991, Damgård proposed a simple public-key cryptosystem that he proved CCA1-secure under the Diffie-Hellman Knowledge assumption. Only in 2006, Gjøsteen proved its CCA1-security under a more standard but still new and strong assumption. The known CCA2-secure public-key cryptosystems are considerably more complicated. We propose a hybrid variant of Damgård's public-key cryptosystem and show that it is CCA1-secure if the used symmetric cryptosystem is CPA-secure, the used MAC is unforgeable, the used key-derivation function is secure, and the underlying group is a DDH group. The new cryptosystem is the most efficient known CCA1-secure hybrid cryptosystem based on standard assumptions.

Ref: Proceeding of CANS '08, Lecture Notes in Computer Science Vol. 5339, pages 18-30, Springer-Verlag, 2008.

Available: pdf.