Revisiting NIZK-based technique for chosen-ciphertext security: Security analysis and corrected proofs

Youngkyung Lee, Dong Hoon Lee, Jong Hwan Park

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)


Non-interactive zero-knowledge (NIZK) proofs for chosen-ciphertext security are generally considered to give an impractical construction. An interesting recent work by Seo, Abdalla, Lee, and Park (Information Sciences, July 2019) proposed an efficient semi-generic conversion method for achieving chosen-ciphertext security based on NIZK proofs in the random oracle model. The recent work by Seo et al. demonstrated that the semi-generic conversion method transforms a one-way (OW)-secure key encapsulation mechanism (KEM) into a chosen-ciphertext secure KEM while preserving tight security reduction. This paper shows that the security analysis of the semi-generic conversion method has a flaw, which c omes f rom t he OW s ecurity c ondition of t he underlying KEM. Without changing the conversion method, this paper presents a revised security proof under the changed conditions that (1) the underlying KEM must be chosen-plaintext secure in terms of indistinguishability and (2) an NIZK proof derived from the underlying KEM via the Fiat–Shamir transform must have the properties of zero-knowledge and simulation soundness. This work extended the security proof strategy to the case of identity-based KEM (IBKEM) and also revise the security proof for IBKEM of previous method by Seo et al. Finally, this work gives a corrected security proof by applying the new proofs to several existing (IB)KEMs.

Original languageEnglish
Article number3367
JournalApplied Sciences (Switzerland)
Issue number8
Publication statusPublished - 2021 Apr 2


  • Chosen-ciphertext security
  • NIZK
  • Random oracle model
  • Tight security reduction

ASJC Scopus subject areas

  • Materials Science(all)
  • Instrumentation
  • Engineering(all)
  • Process Chemistry and Technology
  • Computer Science Applications
  • Fluid Flow and Transfer Processes


Dive into the research topics of 'Revisiting NIZK-based technique for chosen-ciphertext security: Security analysis and corrected proofs'. Together they form a unique fingerprint.

Cite this