Non-interactive zero-knowledge (NIZK) proofs for chosen-ciphertext security are generally considered to give an impractical construction. An interesting recent work by Seo, Abdalla, Lee, and Park (Information Sciences, July 2019) proposed an efficient semi-generic conversion method for achieving chosen-ciphertext security based on NIZK proofs in the random oracle model. The recent work by Seo et al. demonstrated that the semi-generic conversion method transforms a one-way (OW)-secure key encapsulation mechanism (KEM) into a chosen-ciphertext secure KEM while preserving tight security reduction. This paper shows that the security analysis of the semi-generic conversion method has a flaw, which comes from the OW security condition of the underlying KEM. Without changing the conversion method, this paper presents a revised security proof under the changed conditions that (1) the underlying KEM must be chosen-plaintext secure in terms of indistinguishability and (2) an NIZK proof derived from the underlying KEM via the Fiat–Shamir transform must have the properties of zero-knowledge and simulation soundness. This work extended the security proof strategy to the case of identity-based KEM (IBKEM) and also revise the security proof for IBKEM of previous method by Seo et al. Finally, this work gives a corrected security proof by applying the new proofs to several existing (IB)KEMs.
Revisiting NIZK-Based Technique for Chosen-Ciphertext Security: Security Analysis and Corrected Proofs
