A construction of encryption protocols over some semidirect products

Abstract

Abstract In CANDARW ’18, Isobe et al. proposed a secure encryption protocol on non-abelian groups based on the Anshel–Anshel–Goldfeld key exchange protocol. There have remained two weak points on the protocol: one is that the protocol is indistinguishable against adaptive chosen ciphertext attack (IND-CCA) in a slightly restricted sense, what they call IND-rCCA secure, and the other is that the conditions imposed on groups and hashing schemes are too strict to make the protocol practical. In this article, we propose an IND-CCA secure protocol that resolves those problems. The key idea is to employ some specific semidirect product as platform groups, so that we can achieve the exact IND-CCA security from concise conditions on groups and hashing schemes. Our protocol is not dependent on any computational assumptions on abelian subgroups.