A new cryptosystem analogous to LUCELG and Cramer-Shoup

A special group based on a linear recurrence equation plays an important role in modern cryptography. Its relation appeared differently in various cryptosystem. Some cryptosystems that use this linear recurrence property are LUC, LUCDIF, and LUCELG but the first practical Lucas function in a cryptosystem is LUC, presented by Peter Smith and Michael Lennon in 1993. Cramer-Shoup is a practical public key cryptosystem provably secure against adaptive chosen ciphertext attack that requires a universal one-way hash function. Based on LUCELG and Cramer-Shoup cryptosystems, a new public key cryptosystem is developed by generating the key generation, encryption and decryption algorithm. There are two types of security for the new cryptosystem that we are concerned which are the security of Lucas function and its security against an adaptive chosen ciphertext attack. Since the encryption and decryption algorithm of a new cryptosystem is based on the defined Lucas function, it is believed that the security of Lucas function is polynomial-time equivalent to the generalized discrete logarithm problems. Moreover, the new cryptosystem is secure against adaptive chosen ciphertext attack by assuming that the hash function is chosen from a universal one-way family and the Diffie-Hellm an decision problem is hard in the finite field

Security of signed ELGamal encryption

Assuming a cryptographically strong cyclic group G of prime order q and a random hash function H, we show that ElGamal encryption with an added Schnorr signature is secure against the adaptive chosen ciphertext attack, in which an attacker can freely use a decryption oracle except for the target ciphertext. We also prove security against the novel one-more-decyption attack. Our security proofs are in a new model, corresponding to a combination of two previously introduced models, the Random Oracle model and the Generic model. The security extends to the distributed threshold version of the scheme. Moreover, we propose a very practical scheme for private information retrieval that is based on blind decryption of ElGamal ciphertexts

The zheng-seberry public key cryptosystem and signcryption

In 1993 Zheng-Seberry presented a public key cryptosystem that was considered efficient and secure in the sense of indistinguishability of encryptions (IND) against an adaptively chosen ciphertext adversary (CCA2). This thesis shows the Zheng-Seberry scheme is not secure as a CCA2 adversary can break the scheme in the sense of IND. In 1998 Cramer-Shoup presented a scheme that was secure against an IND-CCA2 adversary and whose proof relied only on standard assumptions. This thesis modifies this proof and applies it to a modified version of the El-Gamal scheme. This resulted in a provably secure scheme relying on the Random Oracle (RO) model, which is more efficient than the original Cramer-Shoup scheme. Although the RO model assumption is needed for security of this new El-Gamal variant, it only relies on it in a minimal way

Security of discrete log cryptosystems in the random oracle and the generic model

We introduce novel security proofs that use combinatorial counting arguments rather than reductions to the discrete logarithm or to the Diffie-Hellman problem. Our security results are sharp and clean with no polynomial reduction times involved. We consider a combination of the random oracle model and the generic model. This corresponds to assuming an ideal hash function H given by an oracle and an ideal group of prime order q, where the binary encoding of the group elements is useless for cryptographic attacks In this model, we first show that Schnorr signatures are secure against the one-more signature forgery : A generic adversary performing t generic steps including l sequential interactions with the signer cannot produce l+1 signatures with a better probability than (t 2)/q. We also characterize the different power of sequential and of parallel attacks. Secondly, we prove signed ElGamal encryption is secure against the adaptive chosen ciphertext attack, in which an attacker can arbitrarily use a decryption oracle except for the challenge ciphertext. Moreover, signed ElGamal encryption is secure against the one-more decryption attack: A generic adversary performing t generic steps including l interactions with the decryption oracle cannot distinguish the plaintexts of l + 1 ciphertexts from random strings with a probability exceeding (t 2)/q