Stateful public-key cryptosystems: How to encrypt with one 160-bit exponentiation

Mihir Bellare, Tadayoshi Kohno, Victor Shoup

Research output: Contribution to journalConference article


We show how to significantly speed-up the encryption portion of some public-key cryptosystems by the simple expedient of allowing a sender to maintain state that is re-used across different encryptions.In particular we present stateful versions of the DHIES and Kurosawa-Desmedt schemes that each use only 1 exponentiation to encrypt, as opposed to 2 and 3 respectively in the original schemes, yielding the fastest discrete-log based public-key encryption schemes known in the random-oracle and standard models respectively. The schemes are proven to meet an appropriate extension of the standard definition of IND-CCA security that takes into account novel types of attacks possible in the stateful setting.

Original languageEnglish (US)
Article number1180452
Pages (from-to)380-389
Number of pages10
JournalProceedings of the ACM Conference on Computer and Communications Security
StatePublished - Dec 1 2006
EventCCS 2006: 13th ACM Conference on Computer and Communications Security - Alexandria, VA, United States
Duration: Oct 30 2006Nov 3 2006



  • Cryptography
  • Public-key encryption

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this