DOI 10.34229/KCA2522-9664.26.3.13
UDC 004.056.55
O. Bespalov
G.E. Pukhov Institute for Modelling in Energy Engineering, National Academy of Sciences of Ukraine,
alexb5dh@gmail.com
CONSTRUCTING A CCA-SECURE MODIFICATION OF THE ALGORITHM SPECIFIED IN DSTU 9041:2020
Abstract. This work presents a modification of the algorithm specified in DSTU 9041:2020 that is secure against both IND-CCA attacks and small-subgroup attacks, and is consistent with the existing National Standards of Ukraine. The Ukrainian State Standard DSTU 9041:2020, adopted in 2020, specifies a hybrid encryption algorithm. As shown in previous studies, it is secure against attacks aimed at recovering the key and the message, and it also provides IND-CPA security. However, it has also been demonstrated that it is not IND-CCA secure and is not secure against small-subgroup attacks. The present work remedies this shortcoming by constructing a modification of the algorithm that is secure against the aforementioned attacks.
Keywords: DSTU 9041, twisted Edwards curves, hybrid encryption, IND-CPA, IND-CCA, DDHP, small-subgroup attacks.
- 44. ETSI. ETSI TS 104 015 V1.1.1 (2025-02). Cyber security (CYBER); Quantum-safe cryptography (QSC); Efficient quantum-safe hybrid key exchanges with hidden access policies. Technical Specification. Feb 2025. (Reference: DTS/CYBER-QSC-0023.) URL: https://www.etsi.org/deliver/etsi_ts/104000_104099/104015/01.01.01_60/ts_104015v010101p.pdf.