CCA secure public-key encryption from the factoring assumption
Dennis Hofheinz, Karlsruher Institut für Technologie (KIT)
Thursday 24 November 2011, 15.00, b-it 1.25 (cosec meeting room)
This talk explains an efficient public-key encryption system that can be proven secure against chosen-ciphertext attacks under the sole assumption that factoring large integers is infeasible. Our system is a variant of the Blum-Goldwasser encryption system, which in turn employs the Blum-Blum-Shub pseudorandom generator. Our main addition to the Blum-Goldwasser system is a way to implement an "all-but-one" decryption mechanism that makes it possible to decrypt all ciphertexts except for a designated "challenge ciphertext." This special decryption mechanism allows us to prove security even against an active adversary that may ask for the decryption of (almost) arbitrary ciphertexts.
The talk will first recall the relevant security definitions, and then explain our new scheme as a variant of the Blum-Goldwasser system.
(Based on joint work with Eike Kiltz.)