KDM-CCA security of the Cramer-Shoup cryptosystem, revisited

An encryption scheme is key-dependent message chosen plaintext attack (KDM-CPA) secure means that it is secure even if an adversary obtains encryptions of messages that depend on the secret key. However, there are not many schemes that are KDM-CPA secure, let alone key-dependent message chosen ciphertext attack (KDM-CCA) secure. So far, only two general constructions, due to Camenisch, Chandran, and Shoup (Eurocrypt 2009), and Hofheinz (Eurocrypt 2013), are known to be KDM-CCA secure in the standard model. Another scheme, a concrete implementation, was recently proposed by Qin, Liu and Huang (ACISP 2013), where a KDM-CCA secure scheme was obtained from the classic Cramer-Shoup (CS) cryptosystem w.r.t. a new family of functions. In this paper, we revisit the KDM-CCA security of the CS-scheme and prove that, in two-user case, the CS-scheme achieves KDM-CCA security w.r.t. richer ensembles, which covers the result of Qin et al. In addition, we present another proof about the result in (QLH13) by extending our approach used in two-user case to n-user case, which achieves a tighter reduction to the decisional Diffie-Hellman (DDH) assumption.