Encoding-free ELGamal-type encryption schemes on elliptic curves

Abstract

At PKC 2006, Chevallier-Mames, Paillier, and Pointcheval proposed a very elegant technique over cyclic subgroups of 𝔽∗p eliminating the need to encode the message as a group element in the ElGamal encryption scheme. Unfortunately, it is unclear how to adapt their scheme over elliptic curves. In a previous attempt, Virat suggested an adaptation of ElGamal to elliptic curves over the ring of dual numbers as a way to address the message encoding issue. Advantageously the resulting cryptosystem does not require encoding messages as points on an elliptic curve prior to their encryption. Unfortunately, it only provides one-wayness and, in particular, it is not (and was not claimed to be) semantically secure. This paper revisits Virat’s cryptosystem and extends the Chevallier- Mames et al.’s technique to the elliptic curve setting. We consider elliptic curves over the ring ℤ/p2ℤ and define the underlying class function. This yields complexity assumptions whereupon we build new ElGamal-type encryption schemes. The so-obtained schemes are shown to be semantically secure and make use of a very simple message encoding: messages being encrypted are viewed as elements in the range [0, p − 1]. Further, our schemes come equipped with a partial ring-homomorphism property: anyone can add a constant to an encrypted message –or– multiply an encrypted message by a constant. This can prove helpful as a blinding method in a number of applications. Finally, in addition to practicability, the proposed schemes also offer better performance in terms of speed, memory, and bandwidth.