Tight Security of Twin-DH Hashed ElGamal KEM in Multi-User Setting

抄録

It is an important research area to construct a cryptosystem that satisfies the security for multi-user setting. In addition, it is desirable that such a cryptosystem is tightly secure and the ciphertext size is small. For IND-CCA public key encryption schemes for multi-user setting with constant-size ciphertexts tightly secure under the DH assumptions, in 2020, Y. Sakai and G. Hanaoka firstly proposed such a scheme (implicitly based on hybrid encryption paradigm) under the DDH assumption. More recently, Y. Lee et al. proposed such a hybrid encryption scheme (with slightly stronger security) where the assumption for the KEM part is weakened to the CDH assumption. In this paper, we revisit the twin-DH hashed ElGamal KEM with even shorter ciphertexts than those schemes, and prove that its IND-CCA security for multi-user setting is in fact tightly reducible to the CDH assumption.