Secure Length-Saving ElGamal Encryption under the Computational Diffie-Hellman Assumption

A design of secure and efficient public key encryption schemes under weaker computational assumptions has been regarded as an important and challenging task. As far as the ElGamal-type encryption is concerned, some variants of the original ElGamal encryption scheme whose security depends on weaker computational assumption have been proposed: Though the security of the original ElGamal encryption is based on the decisional Diffie-Hellman assumption (DDH-A), the security of recent schemes such as Pointcheval’s ElGamal encryption variant is based on the weaker assumption, the computational Diffie-Hellman assumption (CDH-A). In this paper, we propose a length-saving ElGamal encryption variant whose security is based on CDH-A and analyze its security in the random oracle model. Our scheme is length-efficient and provably secure which provides a shorter ciphertext than that of the Pointcheval’s scheme and a formal proof of security against the chosenciphertext attack.