Provably Secure Length-saving Public-key Encryption Scheme under the Computational Diie-hellman Assumption

A design of secure and eecient public-key encryption schemes under weaker computational assumptions has been regarded as an important and challenging task. As far as ElGamal-type encryption schemes are concerned, some variants of the original ElGamal encryption scheme based on the weaker computational assumption have been proposed. For instance, security of the ElGamal variant of Fujisaki-Okamoto public-key encryption scheme and Cramer and Shoup's encryption scheme is based on the decisional Diie-Hellman assumption (DDH-A). However, security of the recent scheme, such as Pointcheval's ElGamal encryption variant, is based on the computational Diie-Hellman assumption (CDH-A), which is weaker than DDH-A. In this paper, we propose new ElGamal encryption variants whose security is based on CDH-A and EC-CDH-A (the elliptic curve computational Diie-Hellman assumption). Also, we show that the proposed variants are secure against the adaptive chosen-ciphertext attack in the random oracle model. An important feature of the proposed variants is a length-eeciency which provide shorter ciphertexts than those of other proposed schemes.