This paper highlights a particular construction of a correct KEM without failures and without
ciphertext expansion from any correct deterministic PKE, and presents a simple tight proof of …

We provide new results showing that ElGamal encryption cannot be proven CCA1-secure–a
long-standing open problem in cryptography. Our result follows from a very broad, meta …

We propose the first identity-based encryption (IBE) scheme that is (almost) tightly secure
against chosen-ciphertext attacks. Our scheme is efficient, in the sense that its ciphertext …

Memory tightness of reductions in cryptography, in addition to the standard tightness related
to advantage and running time, is important when the underlying problem can be solved …

This paper describes the limits of various" security proofs", using 36 lattice-based KEMs as
case studies. This description allows the limits to be systematically compared across these …

The standard security notion for digital signatures is “single-challenge”(SC) EUF-CMA
security, where the adversary outputs a single message-signature pair and “wins” if it is a …

We consider a collision search problem (CSP), where given a parameter C, the goal is to
find C collision pairs in a random function f: N → N (where N={0, 1, ..., N-1\}) using S bits of …

We study the memory-tightness of security reductions in public-key cryptography, focusing in
particular on Hashed ElGamal. We prove that any straightline (ie, without rewinding) black …

This paper initiates the study of the provable security of authenticated encryption (AE) in the
memory-bounded setting. Recent works–Tessaro and Thiruvengadam (TCC'18), Jaeger and …

Concrete security proofs give upper bounds on the attacker's advantage as a function of its
time/query complexity. Cryptanalysis suggests however that other resource limitations–most …