CCA-Secure Public Key Encryption without Group-Dependent Hash Functions

Yang CUI  Goichiro HANAOKA  Hideki IMAI  

IEICE TRANSACTIONS on Information and Systems   Vol.E92-D    No.5    pp.967-970
Publication Date: 2009/05/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.E92.D.967
Print ISSN: 0916-8532
Type of Manuscript: Special Section LETTER (Special Section on Information and Communication System Security)
Category: Cryptographic Techniques
CCA-secure public-key encryption,  group-dependent hash,  

Full Text: PDF(86.2KB)>>
Buy this Article

So far, in almost all of the practical public key encryption schemes, hash functions which are dependent on underlying cyclic groups are necessary, e.g., H:{0,1}*Zp where p is the order of the underlying cyclic group, and it could be required to construct a dedicated hash function for each public key. The motivation of this note is derived from the following two facts: 1). there is an important technical gap between hashing to a specific prime-order group and hashing to a certain length bit sequence, and this could cause a security hole; 2). surprisingly, to our best knowledge, there is no explicit induction that one could use the simple construction, instead of tailor-made hash functions. In this note, we investigate this issue and provide the first rigorous discussion that in many existing schemes, it is possible to replace such hash functions with a target collision resistant hash function H:{0,1}* → {0,1}k, where k is the security parameter. We think that it is very useful and could drastically save the cost for the hash function implementation in many practical cryptographic schemes.

open access publishing via