A Robust and Plaintext-Aware Variant of Signed ElGamal Encryption


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2013

AUTHORS

Yannick Seurin , Joana Treger

ABSTRACT

Adding a Schnorr signature to ElGamal encryption is a popular proposal aiming at thwarting chosen-ciphertext attacks by rendering the scheme plaintext-aware. However, there is no known security proof for the resulting scheme, at least not in a weaker model than the one obtained by combining the Random Oracle Model (ROM) and the Generic Group Model (Schnorr and Jakobsson, ASIACRYPT 2000). In this paper, we propose a very simple modification to Schnorr-Signed ElGamal encryption that leaves keys and ciphertexts size unchanged, for which the resulting scheme is semantically secure under adaptive chosen-ciphertext attacks (IND-CCA2-secure) in the ROM under the Decisional Diffie-Hellman assumption. In fact, we even prove that our new scheme is plaintext-aware in the ROM as defined by Bellare et al. (CRYPTO ’98). Interestingly, we also observe that Schnorr-Signed ElGamal is not plaintext-aware (again, for the definition of Bellare et al.) under the Computational Diffie-Hellman assumption. We show that our new scheme additionally achieves anonymity as well as robustness, a notion formalized by Abdalla et al. (TCC 2010) which captures the fact that it is hard to create a ciphertext that is valid under two different public keys. Finally, we study the hybrid variant of our new proposal, and show that it is IND-CCA2-secure in the ROM under the Computational Diffie-Hellman assumption when used with a symmetric encryption scheme satisfying the weakest security notion, namely ciphertext indistinguishability under one-time attacks (IND-OT-security).

PAGES

68-83

Book

TITLE

Topics in Cryptology – CT-RSA 2013

ISBN

978-3-642-36094-7
978-3-642-36095-4

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-642-36095-4_5

DOI

http://dx.doi.org/10.1007/978-3-642-36095-4_5

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1045261774



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "ANSSI, Paris, France", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "ANSSI, Paris, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Seurin", 
        "givenName": "Yannick", 
        "id": "sg:person.011724731171.01", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011724731171.01"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "ANSSI, Paris, France", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "ANSSI, Paris, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Treger", 
        "givenName": "Joana", 
        "id": "sg:person.012244261513.56", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012244261513.56"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2013", 
    "datePublishedReg": "2013-01-01", 
    "description": "Adding a Schnorr signature to ElGamal encryption is a popular proposal aiming at thwarting chosen-ciphertext attacks by rendering the scheme plaintext-aware. However, there is no known security proof for the resulting scheme, at least not in a weaker model than the one obtained by combining the Random Oracle Model (ROM) and the Generic Group Model (Schnorr and Jakobsson, ASIACRYPT 2000). In this paper, we propose a very simple modification to Schnorr-Signed ElGamal encryption that leaves keys and ciphertexts size unchanged, for which the resulting scheme is semantically secure under adaptive chosen-ciphertext attacks (IND-CCA2-secure) in the ROM under the Decisional Diffie-Hellman assumption. In fact, we even prove that our new scheme is plaintext-aware in the ROM as defined by Bellare et al. (CRYPTO\u00a0\u201998). Interestingly, we also observe that Schnorr-Signed ElGamal is not plaintext-aware (again, for the definition of Bellare et al.) under the Computational Diffie-Hellman assumption. We show that our new scheme additionally achieves anonymity as well as robustness, a notion formalized by Abdalla et al. (TCC 2010) which captures the fact that it is hard to create a ciphertext that is valid under two different public keys. Finally, we study the hybrid variant of our new proposal, and show that it is IND-CCA2-secure in the ROM under the Computational Diffie-Hellman assumption when used with a symmetric encryption scheme satisfying the weakest security notion, namely ciphertext indistinguishability under one-time attacks (IND-OT-security).", 
    "editor": [
      {
        "familyName": "Dawson", 
        "givenName": "Ed", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-642-36095-4_5", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-642-36094-7", 
        "978-3-642-36095-4"
      ], 
      "name": "Topics in Cryptology \u2013 CT-RSA 2013", 
      "type": "Book"
    }, 
    "keywords": [
      "random oracle model", 
      "Diffie-Hellman assumption", 
      "computational Diffie-Hellman assumption", 
      "chosen-ciphertext attacks", 
      "ElGamal encryption", 
      "adaptive chosen-ciphertext attacks", 
      "decisional Diffie-Hellman assumption", 
      "weaker security notion", 
      "symmetric encryption scheme", 
      "different public keys", 
      "generic group model", 
      "Bellare et al", 
      "Abdalla et al", 
      "ciphertext indistinguishability", 
      "encryption scheme", 
      "new scheme", 
      "public key", 
      "security notions", 
      "security proof", 
      "oracle model", 
      "IND-CCA2", 
      "ciphertext size", 
      "Schnorr signature", 
      "encryption", 
      "weak models", 
      "hybrid variant", 
      "attacks", 
      "scheme", 
      "popular proposals", 
      "group model", 
      "ElGamal", 
      "ciphertext", 
      "new proposal", 
      "Secure", 
      "key", 
      "anonymity", 
      "Schnorr", 
      "proposal", 
      "indistinguishability", 
      "robustness", 
      "model", 
      "simple modification", 
      "proof", 
      "notion", 
      "assumption", 
      "et al", 
      "variants", 
      "fact", 
      "signatures", 
      "one", 
      "size", 
      "modification", 
      "al", 
      "paper"
    ], 
    "name": "A Robust and Plaintext-Aware Variant of Signed ElGamal Encryption", 
    "pagination": "68-83", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1045261774"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-642-36095-4_5"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-642-36095-4_5", 
      "https://app.dimensions.ai/details/publication/pub.1045261774"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-12-01T06:53", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20221201/entities/gbq_results/chapter/chapter_398.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-642-36095-4_5"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-36095-4_5'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-36095-4_5'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-36095-4_5'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-36095-4_5'


 

This table displays all metadata directly associated to this object as RDF triples.

120 TRIPLES      22 PREDICATES      79 URIs      72 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-642-36095-4_5 schema:about anzsrc-for:08
2 anzsrc-for:0804
3 schema:author N5bbc794a17654ded832baabac5ea803a
4 schema:datePublished 2013
5 schema:datePublishedReg 2013-01-01
6 schema:description Adding a Schnorr signature to ElGamal encryption is a popular proposal aiming at thwarting chosen-ciphertext attacks by rendering the scheme plaintext-aware. However, there is no known security proof for the resulting scheme, at least not in a weaker model than the one obtained by combining the Random Oracle Model (ROM) and the Generic Group Model (Schnorr and Jakobsson, ASIACRYPT 2000). In this paper, we propose a very simple modification to Schnorr-Signed ElGamal encryption that leaves keys and ciphertexts size unchanged, for which the resulting scheme is semantically secure under adaptive chosen-ciphertext attacks (IND-CCA2-secure) in the ROM under the Decisional Diffie-Hellman assumption. In fact, we even prove that our new scheme is plaintext-aware in the ROM as defined by Bellare et al. (CRYPTO ’98). Interestingly, we also observe that Schnorr-Signed ElGamal is not plaintext-aware (again, for the definition of Bellare et al.) under the Computational Diffie-Hellman assumption. We show that our new scheme additionally achieves anonymity as well as robustness, a notion formalized by Abdalla et al. (TCC 2010) which captures the fact that it is hard to create a ciphertext that is valid under two different public keys. Finally, we study the hybrid variant of our new proposal, and show that it is IND-CCA2-secure in the ROM under the Computational Diffie-Hellman assumption when used with a symmetric encryption scheme satisfying the weakest security notion, namely ciphertext indistinguishability under one-time attacks (IND-OT-security).
7 schema:editor Ne8c246bb60e4433ea9c007e394672382
8 schema:genre chapter
9 schema:isAccessibleForFree true
10 schema:isPartOf N1c9e1499efde4996b54572041ad3d00c
11 schema:keywords Abdalla et al
12 Bellare et al
13 Diffie-Hellman assumption
14 ElGamal
15 ElGamal encryption
16 IND-CCA2
17 Schnorr
18 Schnorr signature
19 Secure
20 adaptive chosen-ciphertext attacks
21 al
22 anonymity
23 assumption
24 attacks
25 chosen-ciphertext attacks
26 ciphertext
27 ciphertext indistinguishability
28 ciphertext size
29 computational Diffie-Hellman assumption
30 decisional Diffie-Hellman assumption
31 different public keys
32 encryption
33 encryption scheme
34 et al
35 fact
36 generic group model
37 group model
38 hybrid variant
39 indistinguishability
40 key
41 model
42 modification
43 new proposal
44 new scheme
45 notion
46 one
47 oracle model
48 paper
49 popular proposals
50 proof
51 proposal
52 public key
53 random oracle model
54 robustness
55 scheme
56 security notions
57 security proof
58 signatures
59 simple modification
60 size
61 symmetric encryption scheme
62 variants
63 weak models
64 weaker security notion
65 schema:name A Robust and Plaintext-Aware Variant of Signed ElGamal Encryption
66 schema:pagination 68-83
67 schema:productId N0f1ce7b9973449138dd077ee88db1335
68 N30074b83b09041989342d705496dcfbb
69 schema:publisher Na41cf7d7d9284ce784ddf6078486c967
70 schema:sameAs https://app.dimensions.ai/details/publication/pub.1045261774
71 https://doi.org/10.1007/978-3-642-36095-4_5
72 schema:sdDatePublished 2022-12-01T06:53
73 schema:sdLicense https://scigraph.springernature.com/explorer/license/
74 schema:sdPublisher N0b5a0f1ba4e146bfab3151b49f635718
75 schema:url https://doi.org/10.1007/978-3-642-36095-4_5
76 sgo:license sg:explorer/license/
77 sgo:sdDataset chapters
78 rdf:type schema:Chapter
79 N0b5a0f1ba4e146bfab3151b49f635718 schema:name Springer Nature - SN SciGraph project
80 rdf:type schema:Organization
81 N0f1ce7b9973449138dd077ee88db1335 schema:name dimensions_id
82 schema:value pub.1045261774
83 rdf:type schema:PropertyValue
84 N1c9e1499efde4996b54572041ad3d00c schema:isbn 978-3-642-36094-7
85 978-3-642-36095-4
86 schema:name Topics in Cryptology – CT-RSA 2013
87 rdf:type schema:Book
88 N30074b83b09041989342d705496dcfbb schema:name doi
89 schema:value 10.1007/978-3-642-36095-4_5
90 rdf:type schema:PropertyValue
91 N5bbc794a17654ded832baabac5ea803a rdf:first sg:person.011724731171.01
92 rdf:rest Nbfa33329f0624d9f990b78eddd39b299
93 N997e06211221425eaa5c740a56358aaa schema:familyName Dawson
94 schema:givenName Ed
95 rdf:type schema:Person
96 Na41cf7d7d9284ce784ddf6078486c967 schema:name Springer Nature
97 rdf:type schema:Organisation
98 Nbfa33329f0624d9f990b78eddd39b299 rdf:first sg:person.012244261513.56
99 rdf:rest rdf:nil
100 Ne8c246bb60e4433ea9c007e394672382 rdf:first N997e06211221425eaa5c740a56358aaa
101 rdf:rest rdf:nil
102 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
103 schema:name Information and Computing Sciences
104 rdf:type schema:DefinedTerm
105 anzsrc-for:0804 schema:inDefinedTermSet anzsrc-for:
106 schema:name Data Format
107 rdf:type schema:DefinedTerm
108 sg:person.011724731171.01 schema:affiliation grid-institutes:None
109 schema:familyName Seurin
110 schema:givenName Yannick
111 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011724731171.01
112 rdf:type schema:Person
113 sg:person.012244261513.56 schema:affiliation grid-institutes:None
114 schema:familyName Treger
115 schema:givenName Joana
116 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012244261513.56
117 rdf:type schema:Person
118 grid-institutes:None schema:alternateName ANSSI, Paris, France
119 schema:name ANSSI, Paris, France
120 rdf:type schema:Organization
 



