Kurosawa-Desmedt KEM is not CCA2-secure
نویسندگان
چکیده
At CRYPTO 2004, Kurosawa and Desmedt presented a new hybrid encryption scheme that is CCA2-secure in the standard model. Until now it was unknown if the key encapsulation part of the Kurosawa-Desmedt scheme by itself is still CCA2-secure or not. In this note we answer this question to the negative, namely we present a simple CCA2 attack on the Kurosawa-Desmedt key encapsulation mechanism. Our attack further supports the design paradigm of Kurosawa and Desmedt to build CCA2-secure hybrid encryption from weak key encapsulation.
منابع مشابه
Kurosawa-Desmedt Key Encapsulation Mechanism, Revisited and More
While the hybrid public key encryption scheme of Kurosawa and Desmedt (CRYPTO 2004) is provably secure against chosen ciphertext attacks (namely, IND-CCA-secure), its associated key encapsulation mechanism (KEM) is widely known as not IND-CCA-secure. In this paper, we present a direct proof of IND-CCA security thanks to a simple twist on the Kurosawa-Desmedt KEM. Our KEM beats the standardized ...
متن کاملA New Paradigm of Hybrid Encryption Scheme
In this paper, we show that a key encapsulation mechanism (KEM) does not have to be IND-CCA secure in the construction of hybrid encryption schemes, as was previously believed. That is, we present a more efficient hybrid encryption scheme than Shoup [12] by using a KEM which is not necessarily IND-CCA secure. Nevertheless, our scheme is secure in the sense of IND-CCA under the DDH assumption in...
متن کاملA Universally Composable Secure Channel Based on the KEM-DEM Framework
SUMMARY As part of ISO standards on public-key encryption, Shoup introduced the framework of KEM (Key Encapsulation Mechanism), and DEM (Data Encapsulation Mechanism), for formalizing and realizing one-directional hybrid encryption; KEM is a formalization of asymmetric en-cryption specified for key distribution, which DEM is a formalization of symmetric encryption. This paper investigates a mor...
متن کاملThe Kurosawa-Desmedt Key Encapsulation is not Chosen-Ciphertext Secure
At CRYPTO 2004, Kurosawa and Desmedt presented a hybrid public-key encryption scheme that is chosen-ciphertext secure in the standard model. Until now it was unknown if the key-encapsulation part of the Kurosawa-Desmedt scheme by itself is still chosenciphertext secure or not. In this short note we answer this question to the negative, namely we present a simple chosen-ciphertext attack on the ...
متن کاملMAC-free variant of KD04
Kurosawa and Desmedt proposed an efficient hybrid encryption scheme(KD04) which is secure against adaptive chosen ciphertext attacks(IND-CCA) although the underlying KEM(key encapsulation mechanism) is not IND-CCA secure[11]. We show a variant of KD04 which is IND-CCA secure when the the underlying DEM part is IND-CCA secure. We need a DEM built from one-time symmetric encryption scheme and a M...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2008