CryptoDB
New Limits of Provable Security and Applications to ElGamal Encryption
| Authors: |
|
|---|---|
| Download: | |
| Conference: | EUROCRYPT 2024 |
| Abstract: | We provide new results showing that ElGamal encryption cannot be proven CCA1-secure -- a long-standing open problem in cryptography. Our result follows from a very broad, meta-reduction-based impossibility result on random self-reducible relations with efficiently re-randomizable witnesses. The techniques that we develop allow, for the first time, to provide impossibility results for very weak security notions where the challenger outputs fresh challenge statements at the end of the security game. This can be used to finally tackle encryption-type definitions that have remained elusive in the past. We show that our results have broad applicability by casting several known cryptographic setups as instances of random self-reducible and re-randomizable relations. These setups include general semi-homomorphic PKE and the large class of certified homomorphic one-way bijections. As a result, we also obtain new impossibility results for the IND-CCA1 security of the PKEs of Paillier and Damgard-Jurik, and many one-more inversion assumptions like the one-more DLOG or the one-more RSA assumption. |
BibTeX
@inproceedings{eurocrypt-2024-33996,
title={New Limits of Provable Security and Applications to ElGamal Encryption},
publisher={Springer-Verlag},
author={Sven Schäge},
year=2024
}