Bodo Moeller Dept of Mathematics and Statistics University of Calgary A Public-Key Encryption Scheme with Pseudo-Random Ciphertexts This talk presents a practical public-key encryption scheme that is secure in the usually expected sense of security under adaptive chosen-ciphertext attack (CCA) and additionally has pseudo-random ciphertexts, i.e. ciphertexts indistinguishable from random bit strings. While pseudo-randomness of ciphertexts is a natural property for many schemes in symmetric cryptography, it is unusual for public-key cryptography; but this property is needed when the very existence of an encrypted message is to be hidden (steganography). The new scheme uses elliptic curve cryptography so that messages incur only modest bit length growth during encryption, which is particularly useful for steganography.