A Construction of Cramer-Shoup Like Encryption Protocols Based on the Anshel-Anshel-Goldfeld Key Exchange Protocol

We propose a secure encryption protocol on nonabelian groups. We follow the line of the construction of the Cramer-Shoup encryption protocol, which is proved to be indistinguishable against adaptive chosen ciphertext attack (INDCCA, for short) by refining the ElGamal encryption protocol. In our protocol, the Anshel-Anshel-Goldfeld key exchange protocol plays the role of the Diffie-Hellman key exchange protocol in the Cramer-Shoup protocol. We then prove that the proposed protocol is indistinguishable against adaptive chosen ciphertext attacks in a slightly restricted sense, what we call the IND-rCCA security. The security notion of IND-rCCA is weaker than that of IND-CCA in a sense that the adversary's query is somewhat restricted in the security game.