The search functionality is under construction.

The search functionality is under construction.

So far, in almost all of the practical public key encryption schemes, hash functions which are dependent on underlying cyclic groups are necessary, e.g., *H*:{0,1}^{*} → **Z**_{p} where *p* is the order of the underlying cyclic group, and it could be required to construct a dedicated hash function for each public key. The motivation of this note is derived from the following two facts: 1). there is an important technical gap between hashing to a specific prime-order group and hashing to a certain length bit sequence, and this could cause a security hole; 2). surprisingly, to our best knowledge, there is no explicit induction that one could use the simple construction, instead of tailor-made hash functions. In this note, we investigate this issue and provide the *first rigorous* discussion that in many existing schemes, it is possible to replace such hash functions with a target collision resistant hash function *H*:{0,1}^{*} → {0,1}^{k}, where *k* is the security parameter. We think that it is very useful and could drastically save the cost for the hash function implementation in many practical cryptographic schemes.

- Publication
- IEICE TRANSACTIONS on Information Vol.E92-D No.5 pp.967-970

- Publication Date
- 2009/05/01

- Publicized

- Online ISSN
- 1745-1361

- DOI
- 10.1587/transinf.E92.D.967

- Type of Manuscript
- Special Section LETTER (Special Section on Information and Communication System Security)

- Category
- Cryptographic Techniques

The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.

Copy

Yang CUI, Goichiro HANAOKA, Hideki IMAI, "CCA-Secure Public Key Encryption without Group-Dependent Hash Functions" in IEICE TRANSACTIONS on Information,
vol. E92-D, no. 5, pp. 967-970, May 2009, doi: 10.1587/transinf.E92.D.967.

Abstract: So far, in almost all of the practical public key encryption schemes, hash functions which are dependent on underlying cyclic groups are necessary, e.g., *H*:{0,1}^{*} → **Z**_{p} where *p* is the order of the underlying cyclic group, and it could be required to construct a dedicated hash function for each public key. The motivation of this note is derived from the following two facts: 1). there is an important technical gap between hashing to a specific prime-order group and hashing to a certain length bit sequence, and this could cause a security hole; 2). surprisingly, to our best knowledge, there is no explicit induction that one could use the simple construction, instead of tailor-made hash functions. In this note, we investigate this issue and provide the *first rigorous* discussion that in many existing schemes, it is possible to replace such hash functions with a target collision resistant hash function *H*:{0,1}^{*} → {0,1}^{k}, where *k* is the security parameter. We think that it is very useful and could drastically save the cost for the hash function implementation in many practical cryptographic schemes.

URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.E92.D.967/_p

Copy

@ARTICLE{e92-d_5_967,

author={Yang CUI, Goichiro HANAOKA, Hideki IMAI, },

journal={IEICE TRANSACTIONS on Information},

title={CCA-Secure Public Key Encryption without Group-Dependent Hash Functions},

year={2009},

volume={E92-D},

number={5},

pages={967-970},

abstract={So far, in almost all of the practical public key encryption schemes, hash functions which are dependent on underlying cyclic groups are necessary, e.g., *H*:{0,1}^{*} → **Z**_{p} where *p* is the order of the underlying cyclic group, and it could be required to construct a dedicated hash function for each public key. The motivation of this note is derived from the following two facts: 1). there is an important technical gap between hashing to a specific prime-order group and hashing to a certain length bit sequence, and this could cause a security hole; 2). surprisingly, to our best knowledge, there is no explicit induction that one could use the simple construction, instead of tailor-made hash functions. In this note, we investigate this issue and provide the *first rigorous* discussion that in many existing schemes, it is possible to replace such hash functions with a target collision resistant hash function *H*:{0,1}^{*} → {0,1}^{k}, where *k* is the security parameter. We think that it is very useful and could drastically save the cost for the hash function implementation in many practical cryptographic schemes.},

keywords={},

doi={10.1587/transinf.E92.D.967},

ISSN={1745-1361},

month={May},}

Copy

TY - JOUR

TI - CCA-Secure Public Key Encryption without Group-Dependent Hash Functions

T2 - IEICE TRANSACTIONS on Information

SP - 967

EP - 970

AU - Yang CUI

AU - Goichiro HANAOKA

AU - Hideki IMAI

PY - 2009

DO - 10.1587/transinf.E92.D.967

JO - IEICE TRANSACTIONS on Information

SN - 1745-1361

VL - E92-D

IS - 5

JA - IEICE TRANSACTIONS on Information

Y1 - May 2009

AB - So far, in almost all of the practical public key encryption schemes, hash functions which are dependent on underlying cyclic groups are necessary, e.g., *H*:{0,1}^{*} → **Z**_{p} where *p* is the order of the underlying cyclic group, and it could be required to construct a dedicated hash function for each public key. The motivation of this note is derived from the following two facts: 1). there is an important technical gap between hashing to a specific prime-order group and hashing to a certain length bit sequence, and this could cause a security hole; 2). surprisingly, to our best knowledge, there is no explicit induction that one could use the simple construction, instead of tailor-made hash functions. In this note, we investigate this issue and provide the *first rigorous* discussion that in many existing schemes, it is possible to replace such hash functions with a target collision resistant hash function *H*:{0,1}^{*} → {0,1}^{k}, where *k* is the security parameter. We think that it is very useful and could drastically save the cost for the hash function implementation in many practical cryptographic schemes.

ER -