A CCA Secure Hybrid Damgård's ElGamal Encryption

ElGamal encryption, by its efficiency, is one of the most used schemes in cryptographic applications. However, the original ElGamal scheme is only provably secure against passive attacks. Damg̊ard proposed a slight modification of ElGamal encryption scheme (named Damg̊ard’s ElGamal scheme) that provides security against non-adaptive chosen ciphertext attacks under a knowledge-of-exponent assumption. Recently, the CCA1-security of Damg̊ard’s ElGamal scheme has been proven under more standard assumptions. In this paper, we study the open problem of CCA2-security of Damg̊ard’s ElGamal. By employing a data encapsulation mechanism, we prove that the resulted hybrid Damg̊ard’s ElGamal Encryption is secure against adaptive chosen ciphertext attacks. The down side is that the proof of security is based on a knowledge-of-exponent assumption. In terms of efficiency, this scheme is more efficient (e.g. one exponentiation less in encryption) than Kurosawa-Desmedt scheme, the most efficient scheme in the standard model so far.