ECIES-KEM vs. PSEC-KEM

The purpose of this paper is to discuss the similarities and differences between the PSEC-KEM and ECIES-KEM. The schemes are in very similar in some ways: both base their security on the Diffie-Hellman key-agreement protocol and both make heavy use of the random oracle model. However there are a few very important differences: PSEC-KEM is an authenticated KEM whilst ECIES-KEM is unauthenticated, and ECIES-KEM use the Diffie-Hellman keyagreement protocol directly to compute the key whereas PSEC-KEM uses the Diffie-Hellman protocol to compute a mask for a randomly generated key. These differences lead to a major difference in their security proofs: ECIESKEM reduces to the gap Diffie-Hellman problem [5] whilst PSEC-KEM reduces to the weaker computational Diffie-Hellman problem. We will assume that the reader is familiar with the concepts of KEM-DEM constructions and their security proofs. For more information the reader is referred to [3, 4]. Briefly the security of a KEM is defined by the advantage an attacker has in winning a game played against a mythical system. The game is played as follows: