Paper 1999/007

DHAES: An Encryption Scheme Based on the Diffie-Hellman Problem

Michel Abdalla, Mihir Bellare, and Phillip Rogaway

Abstract

scheme, DHAES. The scheme is as efficient as ElGamal encryption, but has stronger security properties. Furthermore, these security properties are proven to hold under appropriate assumptions on the underlying primitive. We show that DHAES has not only the ``basic'' property of secure encryption (namely privacy under a chosen-plaintext attack) but also achieves privacy under both non-adaptive and adaptive chosen-ciphertext attacks. (And hence it also achieves non-malleability.) DHAES is built in a generic way from lower-level primitives: a symmetric encryption scheme, a message authentication code, group operations in an arbitrary group, and a cryptographic hash function. In particular, the underlying group may be an elliptic-curve group or the multiplicative group of integers modulo a prime number. The proofs of security are based on appropriate assumptions about the hardness of the Diffie-Hellman problem and the assumption that the underlying symmetric primitives are secure. The assumptions are all standard in the sense that no random oracles are involved. We suggest that DHAES provides an attractive starting point for developing public-key encryption standards based on the Diffie-Hellman assumption.

Metadata
Available format(s)
PS
Publication info
Published elsewhere. Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.
Keywords
Public-Key CryptographyChosen Ciphertext AttacksNon-MalleabilityDiffie-HellmanDiscrete LogEncryption.
Contact author(s)
mihir @ cs ucsd edu
History
1999-03-17: received
Short URL
https://ia.cr/1999/007
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:1999/007,
      author = {Michel Abdalla and Mihir Bellare and Phillip Rogaway},
      title = {{DHAES}: An Encryption Scheme Based on the Diffie-Hellman Problem},
      howpublished = {Cryptology {ePrint} Archive, Paper 1999/007},
      year = {1999},
      url = {https://eprint.iacr.org/1999/007}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.