Universidade Federal do Rio de Janeiro
COPPE / PEE - Grupo de Teleinformática e Automação


DHIES: an encryption scheme based on the Diffie-Hellman problem

Michel Abdalla (UC San Diego)

Trabalho conjunto com
Prof. Mihir Bellare (UC San Diego) e Prof. Phillip Rogaway (UC Davis)

24 de novembro de 1999 - Sala H312D às 12:50 h

Candidato a Ph.D. em Ciência da Computação pela University of California at San Diego (UCSD). Mestre em Engenharia Elétrica pela COPPE em 1996.
Áreas de interesse: Sistemas de cifragem com chaves públicas e privadas, mecanismos de assinatura digital, gerenciamento de chaves, comércio eletrônico.


This talk describes DHIES, a public-key encryption scheme based on the Diffie-Hellman problem. The scheme is as efficient as ElGamal encryption, but has stronger security properties. Furthermore, these security properties are proven to hold under appropriate assumptions on the underlying primitives.

DHIES is built in a generic way from lower-level primitives: a symmetric encryption scheme, a message authentication code, group operations in an arbitrary group, and a cryptographic hash function. In particular, the underlying group may be an elliptic-curve group or the multiplicative group of integers modulo a prime number.

We show that DHIES has not only the ``basic'' property of secure encryption (namely privacy under a chosen-plaintext attack) but also achieves privacy under an adaptive chosen-ciphertext attack. (And hence it also achieves non-malleability.)

The proofs of security are based on appropriate assumptions about the hardness of the Diffie-Hellman problem and the assumption that the underlying symmetric primitives are secure. The assumptions are all standard in the sense that no random oracles are involved.

We suggest that DHIES provides an attractive starting point for developing public-key encryption standards based on the Diffie-Hellman assumption. DHIES is already part of several draft standards.