Cryptography Reference
In-Depth Information
(using
N
pq
where
p
and
q
are safe primes) has IND-CCA security in the standard
model if the composite residuosity problem is hard (see Definition
24.3.4
). Hofheinz
and Kiltz [
263
] have shown that the Elgamal encryption scheme of Section
23.1
, when
implemented in a certain subgroup of (
=
)
∗
, has IND-CCA security in the random
oracle model if factoring is hard, and in the standard model if a certain higher residuosity
assumption holds.
Finally, we mention that it is standard in cryptography to perform encryption using a
hybrid
system. A typical scenario is to use public key cryptography to encrypt a random
session key
K
1
Z
/N
Z
K
2
. The document is encrypted using a symmetric encryption scheme such
as AES with the key
K
1
. Finally a MAC (message authentication code), with key
K
2
,of
the symmetric ciphertext is appended to ensure the integrity of the transmission.
