2011 | OriginalPaper | Buchkapitel
On the CCA1-Security of Elgamal and Damgård’s Elgamal
verfasst von : Helger Lipmaa
Erschienen in: Information Security and Cryptology
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
It is known that there exists a reduction from the CCA1-security of Damgård’s Elgamal (DEG) cryptosystem to what we call the
$\textrm{ddh}^{\textrm{dsdh}}$
assumption. We show that
$\textrm{ddh}^{\textrm{dsdh}}$
is unnecessary for DEG-CCA1, while DDH is insufficient for DEG-CCA1. We also show that CCA1-security of the Elgamal cryptosystem is equivalent to another assumption
$\textrm{ddh}^{\textrm{csdh}}$
, while we show that
$\textrm{ddh}^{\textrm{dsdh}}$
is insufficient for Elgamal’s CCA1-security. Finally, we prove a generic-group model lower bound
$\Omega (\sqrt[3]{q})$
for the hardest considered assumption
$\textrm{ddh}^{\textrm{csdh}}$
, where
q
is the largest prime factor of the group order.