Welcome to the resource topic for 2008/234

Title:
On the CCA1-Security of Elgamal and Damgård’s Elgamal

Authors: Helger Lipmaa

It is known that there exists a reduction from the CCA1-security of Damgård’s Elgamal (DEG) cryptosystem to what we call the \DDH^{\DSDH} assumption. We show that \DDH^{\DSDH} is unnecessary for DEG-CCA1, while DDH is insufficient for DEG-CCA1. We also show that CCA1-security of the Elgamal cryptosystem is equivalent to another assumption \DDH^{\CSDH}, while we show that \DDH^{\DSDH} is insufficient for Elgamal’s CCA1-security. Finally, we prove a generic-group model lower bound \Omega (\sqrt[3]{q}) for the hardest considered assumption \DDH^{\CSDH}, where q is the largest prime factor of the group order.

ePrint: https://eprint.iacr.org/2008/234

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .