• Programme
• Writing talks and theses
• Theses topics
• Teaching
  • Winter 2017
  • Summer 2017
  • IPEC Winter 2017
  • Winter 2016/2017
  • IPEC Summer 2016
  • Summer 2016
  • IPEC Winter 2016
  • Winter 2015/2016
  • IPEC Summer 2015
  • Summer 2015
  • IPEC Winter 2015
  • Winter 2014/2015
  • IPEC Summer 2014
  • Summer 2014
  • IPEC Winter 2014
  • Winter 2013/2014
  • IPEC Summer 2013
  • Summer 2013
  • IPEC Winter 2013
  • Winter 2012/2013
  • IPEC Summer 2012
  • Summer 2012
  • IPEC Winter 2012
  • Winter 2011/2012
  • Cryptography
  • Advanced cryptography: light-weight cryptography
  • Seminar Mobile Security
  • Seminar Advanced Topics in Cryptography
  • Oberseminar Computer Security, Winter 2011/2012
  • IPEC Summer 2011
  • Summer 2011
  • IPEC Winter 2011
  • Winter 2010/2011
  • IPEC Summer 2010
  • Summer 2010
  • IPEC Winter 2010
  • Winter 2009/2010
  • IPEC Summer 2009
  • Summer 2009
  • IPEC Winter 2009
  • Winter 2008/2009
  • IPEC Summer 2008
  • Summer 2008
  • IPEC Winter 2008
  • Winter 2007/2008
  • IPEC Summer 2007
  • Summer 2007
  • IPEC Winter 2007
  • Winter 2006/2007
  • IPEC Summer 2006
  • Summer 2006
  • IPEC Winter 2006
  • Winter 2005/2006
• Special events
• crypt@b-it
• Schüler-Krypto

CCA secure public-key encryption from the factoring assumption

Dennis Hofheinz, Karlsruher Institut für Technologie (KIT)

Thursday 24 November 2011, 15.00, b-it 1.25 (cosec meeting room)

This talk explains an efficient public-key encryption system that can be proven secure against chosen-ciphertext attacks under the sole assumption that factoring large integers is infeasible. Our system is a variant of the Blum-Goldwasser encryption system, which in turn employs the Blum-Blum-Shub pseudorandom generator. Our main addition to the Blum-Goldwasser system is a way to implement an "all-but-one" decryption mechanism that allows to decrypt all ciphertexts except for a designated "challenge ciphertext." This special decryption mechanism allows us to prove security even against an active adversary that may ask for the decryption of (almost) arbitrary ciphertexts.

The talk will first recall the relevant security definitions, and then explain our new scheme as a variant of the Blum-Goldwasser system.

(based on joint work with Eike Kiltz).