Tag-KEM/DEM: A New Framework for Hybrid Encryption and New Analysis of Kurosawa-Desmedt KEM
نویسندگان
چکیده
This paper presents a novel framework for generic construction of hybrid encryption schemes secure against chosen ciphertext attack. Our new framework yields new and more efficient CCA-secure schemes, and provides insightful explanations about existing schemes that do not fit into the previous frameworks. This could result in finding future improvements. Moreover, it allows immediate conversion from a class of threshold public-key encryption to a hybrid one without considerable overhead, which is not possible in the previous approaches. Finally we present an improved security proof of the KurosawaDesmedt scheme, which removes the original need for informationtheoretic key derivation and message authentication functions. We show that the scheme can be instantiated with any computationally secure such functions, thus extending the applicability of their paradigm, and improving its efficiency.
منابع مشابه
Kurosawa-Desmedt KEM is not CCA2-secure
At CRYPTO 2004, Kurosawa and Desmedt presented a new hybrid encryption scheme that is CCA2-secure in the standard model. Until now it was unknown if the key encapsulation part of the Kurosawa-Desmedt scheme by itself is still CCA2-secure or not. In this note we answer this question to the negative, namely we present a simple CCA2 attack on the Kurosawa-Desmedt key encapsulation mechanism. Our a...
متن کاملMAC-free variant of KD04
Kurosawa and Desmedt proposed an efficient hybrid encryption scheme(KD04) which is secure against adaptive chosen ciphertext attacks(IND-CCA) although the underlying KEM(key encapsulation mechanism) is not IND-CCA secure[11]. We show a variant of KD04 which is IND-CCA secure when the the underlying DEM part is IND-CCA secure. We need a DEM built from one-time symmetric encryption scheme and a M...
متن کاملA New Paradigm of Hybrid Encryption Scheme
In this paper, we show that a key encapsulation mechanism (KEM) does not have to be IND-CCA secure in the construction of hybrid encryption schemes, as was previously believed. That is, we present a more efficient hybrid encryption scheme than Shoup [12] by using a KEM which is not necessarily IND-CCA secure. Nevertheless, our scheme is secure in the sense of IND-CCA under the DDH assumption in...
متن کاملKurosawa-Desmedt Key Encapsulation Mechanism, Revisited and More
While the hybrid public key encryption scheme of Kurosawa and Desmedt (CRYPTO 2004) is provably secure against chosen ciphertext attacks (namely, IND-CCA-secure), its associated key encapsulation mechanism (KEM) is widely known as not IND-CCA-secure. In this paper, we present a direct proof of IND-CCA security thanks to a simple twist on the Kurosawa-Desmedt KEM. Our KEM beats the standardized ...
متن کاملA Universally Composable Secure Channel Based on the KEM-DEM Framework
SUMMARY As part of ISO standards on public-key encryption, Shoup introduced the framework of KEM (Key Encapsulation Mechanism), and DEM (Data Encapsulation Mechanism), for formalizing and realizing one-directional hybrid encryption; KEM is a formalization of asymmetric en-cryption specified for key distribution, which DEM is a formalization of symmetric encryption. This paper investigates a mor...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2005