On the Necessity of Strong Assumptions for the Security of a Class of Asymmetric Encryption Schemes
Recently various public key encryption schemes such as DHIES by Abdalla, Bellare and Rogaway and REACT by Okamoto and Pointcheval, whose security against adaptive chosen ciphertext attack (CCA) is based on the Gap problems, have been proposed. Although the Gap problems were proved to be a sufficient assumption for those schemes to be secure against adaptive chosen-cipertext attack, a necessary condition for CCA security of those schemes has not been explicitly discussed.
In this paper we clarify the necessary condition for CCA security of those schemes. Namely we prove (in the random oracle model) that the Gap Diffie-Hellman is not only sufficient, but also a necessary assumption for the CCA security of DHIES and Diffie-Hellman version of REACT. We also show that our result applies to a wider class of public key encryption schemes. Furthermore we show that our result implies the equivalence, in the random oracle model, between ‘Strong Diffie-Hellman’ and ‘Oracle Diffie-Hellman’ assumptions proposed by Abdalla, Bellare and Rogaway. Our results may be used as criteria for distinguishing public key encryption schemes whose CCA security is based on strong assumptions (such as Gap Diffie-Hellman) from those schemes based on weaker ones (such as Computational Diffie-Hellman).
KeywordsEncryption Scheme Random Oracle Message Authentication Code Random Oracle Model Security Notion
Unable to display preview. Download preview PDF.
- 2.M. Bellare and P. Rogaway. Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In Proceedings of First ACM Conference on Computer and Communications Security, pages 62–73. ACM, 1993.Google Scholar
- 7.V. Shoup. A Proposal for an ISO Standard for Public Key Encryption (Cersion 1.1). ISO/IEC JTC 1/SC 27, 2001.Google Scholar