New technique for chosen-ciphertext security based on non-interactive zero-knowledge

In this study, we propose a new method for conversion from a one-way (OW)-secure key encapsulation mechanism (KEM) into a chosen-ciphertext (CCA) secure KEM in the random oracle model. Our conversion method is based on the non-interactive zero-knowledge (NIZK) proof system for proving the relationships (e.g., equality or linearity) of discrete logarithms, where the security analysis of our conversion method depends on the NIZK properties of soundness and zero-knowledge. Our conversion method achieves tight security reduction and it is semi-generic in the sense that other than OW-security, a KEM should be NIZK-compatible. From a theoretical viewpoint, our conversion method can be considered as the corresponding approach for obtaining an efficient signature by applying the Fiat-Shamir transform to the NIZK system. We applied our conversion method to several OW-secure (identity-based) KEMs and compared the results with those obtained by previous methods for achieving CCA security. (C) 2019 Elsevier Inc. All rights reserved.