##
Stateful Public-Key Cryptosystems: How to Encrypt with One 160-bit
Exponentiation

** Authors:
M. Bellare, T. Kohno and V. Shoup
**
** Abstract: ** We show how to significantly speed-up the encryption portion
of some public-key cryptosystems by the simple expedient of allowing a
sender to maintain state that is re-used across different encryptions.
In particular we present stateful versions of the DHIES and
Kurosawa-Desmedt schemes that each use only one exponentiation to
encrypt, as opposed to two and three respectively in the original
schemes, yielding the fastest discrete-log based public-key encryption
schemes known in the random-oracle and standard models respectively.
The schemes are proven to meet an appropriate extension of the
standard definition of IND-CCA security that takes into account novel
types of attacks possible in the stateful setting.

** Ref:** An extended abstract of this paper appeared in
Proceedings of the 13th ACM Conference on Computer and Communications
Security (CCS), ACM, 2006.

** Full paper: ** Available as
compressed postscript, postscript, or
pdf. (
Help if this doesn't work).