TY - GEN

T1 - An IND-CCA2 public-key cryptosystem with fast decryption

AU - Buchmann, Johannes

AU - Sakurai, Kouichi

AU - Takagi, Tsuyoshi

PY - 2002

Y1 - 2002

N2 - We propose an IND-CCA2 public-key cryptosystem with fast decryption, called the NICE-X cryptosystem. Its decryption time is the polynomial time of degree 2 by the bit-length of a public-key D, i.e., O((log |D|)2), and the cost of two hash functions. The NICE-X is an enhancement of the NICE cryptosystem, which is constructed over the quadratic class group Cl(D). We first show that the one-wayness of the encryption of the NICE cryptosystem is as intractable as the Smallest Kernel Equivalent Problem (SKEP). We also prove that the NICE cryptosystem is IND-CPA under the Decisional Kernel Problem (DKP). Then we prove that the NICE-X cryptosystem is IND-CCA2 under the SKEP in the random oracle model. Indeed, the overhead of the decryption of the NICE-X from the NICE is only the cost of one ideal multiplication and two hash functions. Our conversion technique from the NICE to the NICE-X is based on the REACT. However we modify it to be suitable for the NICE. A message of the NICE-X is encrypted with the random mask of the encryption function of the NICE, instead of the encrypted key. Then the reduced security problem of the NICE-X is enhanced from the Gap-SKEP to the SKEP.

AB - We propose an IND-CCA2 public-key cryptosystem with fast decryption, called the NICE-X cryptosystem. Its decryption time is the polynomial time of degree 2 by the bit-length of a public-key D, i.e., O((log |D|)2), and the cost of two hash functions. The NICE-X is an enhancement of the NICE cryptosystem, which is constructed over the quadratic class group Cl(D). We first show that the one-wayness of the encryption of the NICE cryptosystem is as intractable as the Smallest Kernel Equivalent Problem (SKEP). We also prove that the NICE cryptosystem is IND-CPA under the Decisional Kernel Problem (DKP). Then we prove that the NICE-X cryptosystem is IND-CCA2 under the SKEP in the random oracle model. Indeed, the overhead of the decryption of the NICE-X from the NICE is only the cost of one ideal multiplication and two hash functions. Our conversion technique from the NICE to the NICE-X is based on the REACT. However we modify it to be suitable for the NICE. A message of the NICE-X is encrypted with the random mask of the encryption function of the NICE, instead of the encrypted key. Then the reduced security problem of the NICE-X is enhanced from the Gap-SKEP to the SKEP.

UR - http://www.scopus.com/inward/record.url?scp=35248884563&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=35248884563&partnerID=8YFLogxK

U2 - 10.1007/3-540-45861-1_6

DO - 10.1007/3-540-45861-1_6

M3 - Conference contribution

AN - SCOPUS:35248884563

SN - 3540433198

SN - 9783540433194

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 51

EP - 71

BT - Information Security and Cryptology - ICISC 2001 - 4th International Conference, Proceedings

A2 - Kim, Kwangjo

PB - Springer Verlag

T2 - 4th International Conference on Information Security and Cryptology, ICISC 2001

Y2 - 6 December 2001 through 7 December 2001

ER -