Randomness Leakage in the KEM/DEM Framework
نویسندگان
چکیده
Recently, there have been many studies on constructing cryptographic primitives that are secure even if some secret information leaks. In this paper, we consider the problem of constructing public-key encryption schemes that are resilient to leaking the randomness used in the encryption algorithm. In particular, we consider the case in which publickey encryption schemes are constructed from the KEM/DEM framework, and the leakage of randomness in the encryption algorithms of KEM and DEM occurs independently. For this purpose, we define a new security notion for KEM. Then we provide a generic construction of a public-key encryption scheme that is resilient to randomness leakage from any KEM scheme satisfying this security. Also we construct a KEM scheme that satisfies the security under the decisional Diffie-Hellman assumption.
منابع مشابه
A Universally Composable Secure Channel Based on the KEM-DEM Framework
SUMMARY As part of ISO standards on public-key encryption, Shoup introduced the framework of KEM (Key Encapsulation Mechanism), and DEM (Data Encapsulation Mechanism), for formalizing and realizing one-directional hybrid encryption; KEM is a formalization of asymmetric en-cryption specified for key distribution, which DEM is a formalization of symmetric encryption. This paper investigates a mor...
متن کاملOn the Equivalence of Several Security Notions of KEM and DEM
KEM (Key Encapsulation Mechanism) and DEM (Data Encapsulation Mechanism) were introduced by Shoup to formalize the asymmetric encryption specified for key distribution and the symmetric encryption specified for data exchange in ISO standards on public-key encryption. Shoup defined the “semantic security (IND) against adaptive chosen ciphertext attacks (CCA2)” as a desirable security notion of K...
متن کاملHybrid Signcryption Schemes with Outsider Security
This paper expands the notion of a KEM–DEM hybrid encryption scheme to the signcryption setting by introducing the notion of a signcryption KEM, a signcryption DEM and a hybrid signcryption scheme. We present the security criteria that a signcryption KEM and DEM must satisfy in order that the overall signcryption scheme is secure against outsider attacks. We also present ECISS–KEM — a simple, e...
متن کاملKEM/DEM: Necessary and Sufficient Conditions for Secure Hybrid Encryption
The KEM/DEM hybrid encryption paradigm combines the efficiency and large message space of secret key encryption with the advantages of public key cryptography. Due to its simplicity and flexibility, the approach has ever since gained increased popularity and has been successfully adapted in encryption standards. In hybrid public key encryption (PKE), first a key encapsulation mechanism (KEM) is...
متن کاملConstructing Efficient PAKE Protocols from Identity-Based KEM/DEM
In this paper, we propose an efficient identity-based password authenticated key exchange (IBPAKE) protocol using identitybased KEM/DEM. In IBPAKE, a client conducts authentication based on a human-memorable password and a server’s identity. A distinctive feature of IBPAKE protocols, compared to the well-known EKE-type PAKE protocols, is that an adversary who even acquired a user’s password can...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IEICE Transactions
دوره 97-A شماره
صفحات -
تاریخ انتشار 2011