Public-key encryption scheme with selective opening chosen-ciphertext security based on the Decisional Diffie–Hellman assumption


  • Shengli Liu,

    Corresponding author
    1. Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China
    • Correspondence to: Shengli Liu, Department of Computer Science, Shanghai Jiao Tong University, 800 Dong Chuan Rd., Shanghai 200240, China.


    Search for more papers by this author
  • Fangguo Zhang,

    1. School of Information Science and Technology, Sun Yat-sen University, Guangzhou, China
    Search for more papers by this author
  • Kefei Chen

    1. School of Science, Hangzhou Normal University, Hangzhou, China
    2. Shanghai Key Laboratory of Scalable Computing and Systems, Shanghai
    3. Science and Technology on Communication Security Laboratory, Chengdu, China
    Search for more papers by this author


Chosen-ciphertext security has been well-accepted as a standard security notion for public-key encryption. But in a multi-user surrounding, it may not be sufficient, because the adversary may corrupt some users to obtain the random coins as well as the plaintexts used to generate ciphertexts. The attack is named ‘selective opening attack’. We study how to achieve full-fledged chosen-ciphertext security in selective opening setting directly from the Decisional Diffie–Hellman assumption. Our construction is actually a tag-based public-key encryption scheme free of chameleon hashing and has a tight security reduction to the Decisional Diffie–Hellman assumption and the collision-resistant assumption of hash functions. The tag for each ciphertext is generated in a flexible way to serve the chosen-ciphertext security proof in selective opening settings. Copyright © 2013 John Wiley & Sons, Ltd.