Tag-KEM/DEM: A New Framework for Hybrid Encryption and A New Analysis of Kurosawa-Desmedt KEM

Abe, Masayuki; Gennaro, Rosario; Kurosawa, Kaoru; Shoup, Victor

doi:10.1007/11426639_8

Cited by 112 publications

(110 citation statements)

References 28 publications

Supporting

Mentioning

109

Contrasting

Order By: Relevance

“…It is well-known that by combining a CCA-secure KEM and a CCA-secure data encryption mechanism (DEM), a CCA-secure PKE scheme is generically obtained [38], and furthermore, there exist some other flexible methods for hybrid encryption as well [1,22]. It is also known that a CCA-secure DEM can be generically constructed from any pseudorandom functions without redundancy [27,33].…”

Section: Key Encapsulation Mechanismsmentioning

confidence: 99%

“…Furthermore, this security also implies universally composable security [11]. So far, many CCA-secure PKE schemes have been proposed, both theoretical ones [31,16,36] and practical ones [14,38,12,26,10,1,25,22], and their security are proven under existence of enhanced trapdoor permutations (for theoretical schemes) or under various number theoretic assumptions (for practical schemes). Theoretical schemes pursue weaker assumptions and practical schemes pursue efficiency.…”

Section: Introductionmentioning

confidence: 99%

“…1 How to Achieve CCA Security. Naor and Yung showed that a non-adaptively CCA-secure encryption scheme can be constructed from any semantically secure encryption [19] and non-interactive zero knowledge (NIZK) proof [4].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Efficient Chosen Ciphertext Secure Public Key Encryption under the Computational Diffie-Hellman Assumption

Hanaoka¹,

Kurosawa

2008

Advances in Cryptology - ASIACRYPT 2008

Self Cite

View full text Add to dashboard Cite

Abstract. Recently Cash, Kiltz, and Shoup [13] showed a variant of the Cramer-Shoup (CS) scheme [14] whose chosen-ciphertext (CCA) security relies on the computational Diffie-Hellman (CDH) assumption. The cost for this high security is that the size of ciphertexts is much longer than the CS scheme (which is based on the decisional Diffie-Hellman assumption). In this paper, we show how to achieve CCA-security under the CDH assumption without increasing the size of ciphertexts. We also show a more efficient scheme under the hashed Diffie-Hellman assumption.Both of our schemes are based on a certain broadcast encryption (BE) scheme while the Cash-Kiltz-Shoup scheme is based on the Twin DH problem. Of independent interest, we also show a generic method of constructing CCA-secure PKE schemes from BE schemes.

show abstract

Section: Key Encapsulation Mechanismsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Efficient Chosen Ciphertext Secure Public Key Encryption under the Computational Diffie-Hellman Assumption

Hanaoka¹,

Kurosawa

2008

Advances in Cryptology - ASIACRYPT 2008

Self Cite

View full text Add to dashboard Cite

show abstract

“…The main procedure of a PKE-BR scheme can be divided into the following phases. From the above procedure, one can see that when a weak public key encryption scheme is applied, m may be potentially leaked and/or modified during any of the following three phases: (1) transmission from Alice to Bob, (2) residing in the storage device of a MSTA, and (3) transmission from the MSTA back to Alice. This justifies the following three security requirements for PKE-BR:…”

Section: Security Requirementsmentioning

confidence: 99%

“…It is known that a key encapsulation mechanism or KEM can be converted to a hybrid encryption [1]. Similar techniques can be applied to construct a PKE-BR scheme from a KEM-BR (KEM with backward recovery).…”

Section: Key Encapsulation With Backward Recoverymentioning

confidence: 99%

Public Key Encryption for the Forgetful

Wei

Zheng

Wang

2012

Cryptography and Security: From Theory to Applications

View full text Add to dashboard Cite

We investigate public key encryption that allows the originator of a ciphertext to retrieve a "forgotten" plaintext from the ciphertext. This type of public key encryption with "backward recovery" contrasts more widely analyzed public key encryption with "forward secrecy". We advocate that together they form the two sides of a whole coin, whereby offering complementary roles in data security, especially in cloud computing, 3G/4G communications and other emerging computing and communication platforms. We formalize the notion of public key encryption with backward recovery, and present two construction methods together with formal analyses of their security. The first method embodies a generic public key encryption scheme with backward recovery using the "encrypt then sign" paradigm, whereas the second method provides a more efficient scheme that is built on Hofheinz and Kiltz's public key encryption in conjunction with target collision resistant hashing. Security of the first method is proved in a two-user setting, whereas the second is in a more general multi-user setting.

show abstract

Public‐Key Encryption and Security Notions

Attrapadung

Matsuda

2022

Asymmetric Cryptography

View full text Add to dashboard Cite

Tag-KEM/DEM: A New Framework for Hybrid Encryption and A New Analysis of Kurosawa-Desmedt KEM

Cited by 112 publications

References 28 publications

Efficient Chosen Ciphertext Secure Public Key Encryption under the Computational Diffie-Hellman Assumption

Efficient Chosen Ciphertext Secure Public Key Encryption under the Computational Diffie-Hellman Assumption

Public Key Encryption for the Forgetful

Public‐Key Encryption and Security Notions

Contact Info

Product

Resources

About