Applying the Fujisaki-Okamoto Conversion to Certificate-based Encryption

Abstract

The Fujisaki-Okamoto (FO) conversion is a generic conversion to enhance a public key encryption scheme with security of one-way against chosen plaintext attacks (OW-CPA) to security of indistinguishable against adaptive chosen ciphertext attacks (IND-CCA) in the random oracle model. Existing works have shown that the FO conversion also can generically upgrade the security of the identity-based encryption (IBE) schemes or certificateless public key encryption (CL-PKE) schemes. However, it is still unknown if the same holds for certificate-based encryption (CBE) schemes. In this paper, we investigate the generic security of the CBE scheme obtained by applying the FO conversion to an arbitrary underlying OW-CBE-CPA secure CBE scheme and confirm that the FO conversion can generically convert any OW-CBE-CPA secure CBE into an IND-CBE-CCA secure CBE. We also note that the straightforward application of the FO conversion only leads to a CBE scheme with a loose reduction. To solve this problem, we propose an enhanced FO conversion which just introduces minor extra computation overhead, but results in considerably more efficient security reduction.