Assuming a cryptographically strong cyclic group G of prime order q and a random hash function H, we show that ElGamal encryption with an added Schnorr signature is secure against the adaptive chosen ciphertext attack, in which an attacker can freely use a decryption oracle except for the target ciphertext. We also prove security against the novel one-more-decyption attack. Our security proofs ...

CertiCrypt [1] is a framework that assists the construction of machine-checked cryptographic proofs that can be automatically verified by third parties. To date, CertiCrypt has been used to prove formally the exact security of widely studied cryptographic systems, such as the OAEP padding scheme and the Full Domain Hash digital signature scheme. The purpose of this article is to provide a gentl...

The ElGamal signature([3]) is based on the difficulty of the discrete logarithm problem(DLP). For the ElGamal signature scheme, many variants like the NIST Digital Signature Algorithm(DSA)([10]) and a new signature with a message recovery feature([12]) are proposed. The message recovery feature has the advantage of small signed message length, which is effective especially in applications like ...

Provable security refers to the ability to give rigorous mathematical proofs towards the security of a cryptographic construction; in some sense one of the best possible security guarantees one can attain. These proofs are most often given through so-called reductions to a simpler construction or to some well-studied number-theoretic assumption. This thesis deals with two aspects of such reduct...

Zero-knowledge proof schemes are one of the main building blocks of modern cryptography. Using the Helios voting protocol as a practical example, we show mistakes in the previous understanding of these proof schemes and the resulting security problems. We proceed to deVne a hierarchy of security notions that solidiVes our understanding of proof schemes: weak proof schemes, strong proof schemes ...

One of the fundamental problems of public key cryptography is protecting the private key. Private keys are too long to be remembered by the user, and storing them in the device which performs the private key operation is insecure as long as the device is subject to capture. In this paper, we propose server-assisted protocols for the ElGamal signature scheme which make the system capture resilie...

Limited distribution notes: This report has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher its distribution outside the University of Technology Chemnitz-Zwickau prior to publication should be limited to peer communications and speciic requests. After outside publication, requests should be lled only by rep...

In a previous paper, a version of the Pret a Voter verifiable election scheme using ElGamal encryption and enabling the use of re-encryption mixes was presented. In order to ensure that the construction of the ballot forms mesh with the re-encryption mixes, it was necessary to draw the seed values from a statistical distribution, e.g., a binomial. In this paper we present a similar construction...