How to convert plaintext to element of cyclic group in Cramer-Shoup cryptosystem

KoiNip

3/22/23, 12:13 AM

I am trying to implement a cramer-shoup cryptosystem but I don't understand how to work with the plaintext I want to encrypt.

From what I understand, the plaintext needs to be converted to an element of the cyclic group G, which was generated with the key. I've checked multiple resources, from the wiki to several papers, and none of them seem to take the time to explain how to convert a plaintext message to an element of G.

The wiki simply says

"Bob converts m into an element of G"

And the paper I'm looking at by Cramer and Shoup simply says

"We also assume that cleartext messages are (or can be encoded as) elements of G (although this condition can be relaxed--see 5.2)"

Even after checking the other part of the paper it referenced there weren't any instructions on how to perform this conversion.

If I have a plaintext message m, how would I convert it to an element of a cyclic group as the process describes? How do you convert a message to an element of a cyclic group?

0 + 0

encryption

public-key

Maeher

3/22/23, 8:45 AM

The easiest way would be not to. Encrypt a random group element and use hybrid encryption. Since your message is not from the group it would appear that you do not actually need the algebraic structure provided by CS. Of you want to directly encrypt the message, you will need to specify the exact group you're using. Afaik there's no generic way to do this.

Maarten Bodewes

3/22/23, 9:54 AM

@Maeher Given the reason for Cramer-Shoup, I suppose you would want to use a non-malleable (i.e. authenticated) mode of operation? Or should that even have a stronger notion of security?

Maeher

3/22/23, 12:38 PM

Combining a CCA secure KEM and a CCA secure symmetric encryption scheme gives you CCA secure hybrid encryption. So, if by authenticated encryption you mean IND-CPA+INT-CTXT, then yes, those imply CCA security.

KoiNip

3/22/23, 7:05 PM

@Maeher Thanks for the explanation. I may be misunderstanding something, so for clarity, what does it mean for a message to be from the group? Does it just mean that the message is a number found in the group?

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to convert plaintext to element of cyclic group in Cramer-Shoup cryptosystem

TH: วิธีแปลงข้อความธรรมดาเป็นองค์ประกอบของกลุ่ม cyclic ในระบบเข้ารหัส Cramer-Shoup

RO: Cum se transformă textul simplu în element al grupului ciclic în sistemul criptografic Cramer-Shoup

RU: Как преобразовать открытый текст в элемент циклической группы в криптосистеме Крамера-Шоупа

VI: Cách chuyển đổi bản rõ thành phần tử của nhóm tuần hoàn trong hệ thống mật mã Cramer-Shoup

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.