Stateful Public-Key Cryptosystems: How to Encrypt with One 160-bit Exponentiation

Authors: M. Bellare, T. Kohno and V. Shoup

Abstract: We show how to significantly speed-up the encryption portion of some public-key cryptosystems by the simple expedient of allowing a sender to maintain state that is re-used across different encryptions. In particular we present stateful versions of the DHIES and Kurosawa-Desmedt schemes that each use only one exponentiation to encrypt, as opposed to two and three respectively in the original schemes, yielding the fastest discrete-log based public-key encryption schemes known in the random-oracle and standard models respectively. The schemes are proven to meet an appropriate extension of the standard definition of IND-CCA security that takes into account novel types of attacks possible in the stateful setting.

Ref: An extended abstract of this paper appeared in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS), ACM, 2006.

Full paper: Available as compressed postscript, postscript, or pdf. ( Help if this doesn't work).