1 / 11

Compact CCA-Secure Encryption for Messages of Arbitrary Length

Compact CCA-Secure Encryption for Messages of Arbitrary Length. Presentation By: D. Vamsi Krishna CS09B006. A NEW SCHEME [AKO07]. Ciphertext:. Best CTO (as short as ElGamal’s). Can encrypt arbitrary message. Details. Key pair:. Hash:. Encryption:. Decryption:. ENCRYPTION (DIAGRAM).

kamin
Download Presentation

Compact CCA-Secure Encryption for Messages of Arbitrary Length

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Compact CCA-Secure Encryption for Messages of Arbitrary Length Presentation By: D. Vamsi Krishna CS09B006

  2. A NEW SCHEME [AKO07] Ciphertext: Best CTO (as short as ElGamal’s) Can encrypt arbitrary message.

  3. Details Key pair: Hash: Encryption: Decryption:

  4. ENCRYPTION (DIAGRAM)

  5. DECRYPTION (DIAGRAM)

  6. Comparison* Comparison in typical 80-bit security setting over elliptic curve group. 1 multi-base exponentiation is counted as 1.2 single-base exponentiation. Costs for trivial computations are ignored. Hashing a (potentially long) message is counted. * Personal Communication with Masayuki Abe

  7. Security

  8. CCA Attack • The Challenger ( C ) generates a public key/secret key pair, and gives public key to Adversary (A). • A makes a number of decryption queries to the challenger. • A makes one challenge query !! • A makes more decryption queries. • A predicts a or b. A sends messages (a, b) to C, C chooses a or b at random, encrypts (d)and sends back He shouldn’t obviously ask for decryption of d

  9. Proof Highlight • Reduction to Gap-DH (outline) • Given , • set public-key to • set . • Simulate the decryption oracle by using gap-DH oracle. • Given challenge , • set , • define , • return challenge ciphertext . • If A asks to H, then output the query.

  10. Reference(s) • Compact CCA-Secure Encryption for Messages of Arbitrary Length – Masayuki Abe, Eike Kiltz, Tatsuaki Okamoto • Personal Communication with Masayuki Abe.

  11. Thank You

More Related