Chosen Ciphertext Secure Encryption under Factoring Assumption Revisited

In Eurocrypt 2009, Hofheinz and Kiltz proposed a practical chosen ciphertext (CCA) secure public key encryption under factoring assumption based on Rabin trapdoor one-way permutation. We show that when the modulus is special such that Z(N)* has semi-smooth order, the instantiation of Hofheinz-Kiltz 09 scheme (HK09) over a much smaller subgroup of quadratic residue group (Semi-smooth Subgroup) is CCA secure as long as this type of modulus is hard to be factored. Since the exponent domain of this instantiation is much smaller than the original one, the efficiency is substantially improved. In addition, we show how to construct a practical CCA secure encryption scheme from ElGamal trapdoor one-way function under factoring assumption. When instantiated over Semi-smooth Subgroup, this scheme has even better decryption efficiency than HK09 instantiation.