Efficient KEMs with Partial Message Recovery
نویسندگان
چکیده
Constructing efficient and secure encryption schemes is an important motivation for modern cryptographic research. We propose simple and secure constructions of hybrid encryption schemes that aim to keep message expansion to a minimum, in particular for RSA-based protocols. We show that one can encrypt using RSA a message of length |m| bits, at a security level equivalent to a block cipher of κ bits in security, in |m| + 4κ+ 2 bits. This is therefore independent of how large the RSA key length grows as a function of κ. Our constructions are natural and highly practical, but do not appear to have been given any previous formal treatment.
منابع مشابه
Building Better Signcryption Schemes with Tag-KEMs
Signcryption schemes aim to provide all of the advantages of simultaneously signing and encrypting a message. Recently, Dent [8, 9] and Bjørstad [4] investigated the possibility of constructing provably secure signcryption schemes using hybrid KEM-DEM techniques [7]. We build on this work by showing that more efficient insider secure hybrid signcryption schemes can be built using tag-KEMs [1]. ...
متن کاملGeneric Certificateless Key Encapsulation Mechanism
We propose the first generic construction of certificateless key encapsulation mechanism (CL-KEM) in the standard model, which is also secure against malicious-but-passive KGC attacks. It is based on an ID-based KEM, a public key encryption and a message authentication code. The high efficiency of our construction is due to the efficient implementations of these underlying building blocks, and ...
متن کاملA Constructive Perspective on Key Encapsulation
A key-encapsulation mechanism (KEM) is a cryptographic primitive that allows anyone in possession of some party’s public key to securely transmit a key to that party. A KEM can be viewed as a key-exchange protocol in which only a single message is transmitted; the main application is in combination with symmetric encryption to achieve public-key encryption of messages of arbitrary length. The s...
متن کاملKEM/DEM: Necessary and Sufficient Conditions for Secure Hybrid Encryption
The KEM/DEM hybrid encryption paradigm combines the efficiency and large message space of secret key encryption with the advantages of public key cryptography. Due to its simplicity and flexibility, the approach has ever since gained increased popularity and has been successfully adapted in encryption standards. In hybrid public key encryption (PKE), first a key encapsulation mechanism (KEM) is...
متن کاملOn the Impossibility of Constructing Efficient Key Encapsulation and Programmable Hash Functions in Prime Order Groups
In this paper, we discuss the (im)possibility of constructing chosen ciphertext secure (CCA secure) key encapsulation mechanisms (KEMs) with low ciphertext overhead. More specifically, we rule out the existence of algebraic black-box reductions from the (bounded) CCA security of a natural class of KEMs to any non-interactive problem. The class of KEMs captures the structure of the currently mos...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007