Hybrid Damgard is CCA1-Secure Under the DDH Assumption

Provided by: Springer Healthcare
Topic: Security
Format: PDF
Damgard proposed a simple public-key cryptosystem that he proved CCA1-secure under the diffie-hellman knowledge assumption. Gjosteen proved its CCA1-security under a more standard but still new and strong assumption. The known CCA2-secure public-key cryptosystems are considerably more complicated. The authors propose a hybrid variant of Damgard's public-key cryptosystem and show that it is CCA1-secure if the used symmetric cryptosystem is CPA-secure, the used MAC is unforgeable, the used key-derivation function is secure, and the underlying group is a DDH group. The new cryptosystem is the most efficient known CCA1-secure hybrid cryptosystem based on standard assumptions.

Find By Topic