On the Necessity of Strong Assumptions for the Security of a Class of Asymmetric Encryption Schemes

  • Ron Steinfeld
  • Joonsang Baek
  • Yuliang Zheng
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2384)


Recently various public key encryption schemes such as DHIES by Abdalla, Bellare and Rogaway and REACT by Okamoto and Pointcheval, whose security against adaptive chosen ciphertext attack (CCA) is based on the Gap problems, have been proposed. Although the Gap problems were proved to be a sufficient assumption for those schemes to be secure against adaptive chosen-cipertext attack, a necessary condition for CCA security of those schemes has not been explicitly discussed.

In this paper we clarify the necessary condition for CCA security of those schemes. Namely we prove (in the random oracle model) that the Gap Diffie-Hellman is not only sufficient, but also a necessary assumption for the CCA security of DHIES and Diffie-Hellman version of REACT. We also show that our result applies to a wider class of public key encryption schemes. Furthermore we show that our result implies the equivalence, in the random oracle model, between ‘Strong Diffie-Hellman’ and ‘Oracle Diffie-Hellman’ assumptions proposed by Abdalla, Bellare and Rogaway. Our results may be used as criteria for distinguishing public key encryption schemes whose CCA security is based on strong assumptions (such as Gap Diffie-Hellman) from those schemes based on weaker ones (such as Computational Diffie-Hellman).


Encryption Scheme Random Oracle Message Authentication Code Random Oracle Model Security Notion 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations Among Notions of Security for Public-Key Encryption Schemes. In Advances in Cryptology-Proceedings of CRYPTO’ 98, volume 1462 of LNCS, pages 26–45, Berlin, 1998. Springer-Verlag.CrossRefGoogle Scholar
  2. 2.
    M. Bellare and P. Rogaway. Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In Proceedings of First ACM Conference on Computer and Communications Security, pages 62–73. ACM, 1993.Google Scholar
  3. 3.
    M. Bellare and P. Rogaway. Minimizing the use of random oracles in authenticated encryption schemes. In Information and Communications Security, volume 1334 of LNCS, pages 1–16, Berlin, 1997. Springer-Verlag.CrossRefGoogle Scholar
  4. 4.
    M. Bellare M. Abdalla and P. Rogaway. The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES. In Topics in Cryptology-CT-RSA 2001, volume 2020 of LNCS, pages 143–158, Berlin, 2001. Springer-Verlag. See full paper available at Scholar
  5. 5.
    T. Okamoto and D. Pointcheval. REACT: Rapid Enhanced-security Asymmetric Cryptosystem Transform. In Topics in Cryptology-CT-RSA 2001, volume 2020 of LNCS, pages 159–174, Berlin, 2001. Springer-Verlag.CrossRefGoogle Scholar
  6. 6.
    Y. Zheng and J. Seberry. Immunizing public key cryptosystems against chosen ciphertext attacks. In the Special Issue on Secure Communications, IEEE Journal on Selected Areas in Communications, Vol. 11, No. 5, 1993, pages 715–724.CrossRefGoogle Scholar
  7. 7.
    V. Shoup. A Proposal for an ISO Standard for Public Key Encryption (Cersion 1.1). ISO/IEC JTC 1/SC 27, 2001.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Ron Steinfeld
    • 1
  • Joonsang Baek
    • 1
  • Yuliang Zheng
    • 2
  1. 1.School of Network ComputingMonash UniversityFrankstonAustralia
  2. 2.Dept. Software and Info. SystemsUNCCharlotteUSA

Personalised recommendations