Tag-KEM/DEM: A new framework for hybrid encryption

Journal of Cryptology

Volumn 21, Issue 1, 2008, Pages 97-130

  Abe, Masayuki ^a   Gennaro, Rosario ^b   Kurosawa, Kaoru ^c  

^a NTT CORPORATION   (Japan)

^b IBM T J WATSON RESEARCH CENTER   (United States)

^c IBARAKI UNIVERSITY   (Japan)

Author keywords

Hybrid encryption; Key encapsulation; Tag KEM; Threshold encryption

Indexed keywords

HYBRID ENCRYPTION; KEY ENCAPSULATION; THRESHOLD ENCRYPTION;

DATA REDUCTION; ENCAPSULATION; SECURITY OF DATA;

CRYPTOGRAPHY;

EID: 39149130011     PISSN: 09332790     EISSN: 14321378     Source Type: Journal    
DOI: 10.1007/s00145-007-9010-x     Document Type: Article

References (38)

1. M. Abe, Robust distributed multiplication without interaction, in Advances in Cryptology-CRYPTO'99, ed. by M. Wiener. Lecture Notes in Computer Science, vol. 1666 (Springer, Berlin, 1999), pp. 130-147
2. M. Abe, S. Fehr, Adaptively secure Feldman VSS and applications to universally-composable threshold cryptography. IACR ePrint Archive 2004/119, June 10 2004. Preliminary version was presented in CRYPTO 2004
3. M. Abe, R. Gennaro, K. Kurosawa, V. Shoup, Tag-KEM/DEM: a new framework for hybrid encryption and a new analysis of Kurosawa-Desmedt KEM, in Advances in Cryptology-EUROCRYPT 2005, ed. by R. Cramer. Lecture Notes in Computer Science, vol. 3494 (Springer, Berlin, 2005), pp. 128-146. Also available at IACR e-print 2005/027 and 2004/194
4. M. Bellare, P. Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, in First ACM Conference on Computer and Communication Security (Association for Computing Machinery, 1993), pp. 62-73
5. M. Ben-Or, S. Goldwasser, A. Wigderson, Completeness theorems for non-cryptographic fault-tolerant distributed computation, in Proceedings of the 20th Annual ACM Symposium on the Theory of Computing, pp. 1-10, 1988
6. K. Bentahar, P. Farshim, M. Malone-Lee, N. Smart, Generic constructions of identity-based and certificateless KEMs. IACR e-print Archive 058/2005, 2005
7. D. Bleichenbacher, Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1, in Advances in Cryptology-CRYPTO'98, ed. by H. Krawczyk. Lecture Notes in Computer Science, vol. 1462 (Springer, Berlin, 1998), pp. 1-12
8. D. Boneh, Simplified OAEP for the RSA and Rabin functions, in Advances in Cryptology-CRYPTO 2001, ed. by J. Killian. Lecture Notes in Computer Science, vol. 2139 (Springer, Berlin, 2001), pp. 275-291
9. D. Boneh, X. Boyen, Efficient selective-ID secure identity based encryption, in Advances in Cryptology-EUROCRYPT 2004. Lecture Notes in Computer Science, vol. 3027 (Springer, Berlin, 2004), pp. 223-238
10. D. Boneh, J. Katz, Improved efficiency for CCA-secure cryptosystems built using identity-based encryption. Technical Report 2004/261, IACR ePrint archive, 2004
11. X. Boyen, Q. Mei, B. Waters, Direct chosen ciphertext security from identity-based techniques, in ACM Conference on Computer and Communications Security (ACM, 2005), pp. 320-329. Also available at IACR e-print 2005/288
12. D. Boneh, X. Boyen, S. Halevi, Chosen ciphertext secure public key threshold encryption without random oracles, in Topics in Cryptology-CT-RSA 2006, ed. by T. Rabin, S. Halevi. Lecture Notes in Computer Science, vol. 3860 (Springer, Berlin, 2006), pp. 226-243
13. R. Canetti, S. Goldwasser, An efficient threshold public key cryptosystem secure against adaptive chosen ciphertext attack, in Advances in Cryptology-EUROCRYPT'99, ed. by J. Stern. Lecture Notes in Computer Science, vol. 1592 (Springer, Berlin, 1999), pp. 90-106
14. R. Canetti, H. Krawczyk, J. Nielsen, Relaxing chosen-ciphertext security, in Advances in Cryptology-CRYPTO 2003, ed. by D. Boneh. Lecture Notes in Computer Science, vol. 2729 (Springer, Berlin, 2003), pp. 565-582. Also available at IACR ePrint archive 2003/174
15. R. Canetti, S. Halevi, J. Katz, Chosen-ciphertext security from identity-based encryption, in Advances in Cryptology-EUROCRYPT 2004. Lecture Notes in Computer Science, vol. 3027 (Springer, Berlin, 2004), pp. 207-222
16. R. Cramer, V. Shoup, A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack, in Advances in Cryptology-CRYPTO'98, ed. by H. Krawczyk. Lecture Notes in Computer Science, vol. 1462 (Springer, Berlin, 1998), pp. 13-25
17. R. Cramer, V. Shoup, Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption, in Advances in Cryptology-EUROCRYPTO 2002, ed. by L. Knudsen. Lecture Notes in Computer Science, vol. 2332 (Springer, Berlin, 2002), pp. 45-64
18. R. Cramer, V. Shoup, Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167-226 (2003)
19. A. Dent, A designer's guide to KEMs, in 9th IMA International Conference on Cryptography and Coding, ed. by K.G. Paterson. Lecture Notes in Computer Science, vol. 2898 (Springer, Berlin, 2003), pp. 133-151
20. Y.G. Desmedt, Y. Frankel, Threshold cryptosystems, in Advances in Cryptology-CRYPTO'89, ed. by G. Brassard. Lecture Notes in Computer Science, vol. 435 (Springer, Berlin, 1990), pp. 307-315
21. D. Dolev, C. Dwork, M. Naor, Nonmalleable cryptography. SIAM J. Comput. 30(2), 391-437 (2000)
22. E. Fujisaki, T. Okamoto, Secure integration of asymmetric and symmetric encryption schemes, in Advances in Cryptology-CRYPTO'99, ed. by M. Wiener. Lecture Notes in Computer Science, vol. 1666 (Springer, Berlin, 1999), pp. 537-554
23. R. Gennaro, V. Shoup, A note on an encryption scheme of Kurosawa and Desmedt. Technical Report 2004/194, IACR ePrint archive, 2004
24. C. Gentry, How to compress Rabin ciphertexts and signatures (and more), in Advances in Cryptology-CRYPTO 2004, ed. by M. Franklin. Lecture Notes in Computer Science, vol. 3152 (Springer, Berlin, 2004), pp. 179-200
25. O. Goldreich, S. Micali, A. Wigderson, How to play any mental game or a completeness theorem for protocols with honest majority, in Proceedings of the 19th annual ACM Symposium on the Theory of Computing, New York City, pp. 218-229, 1987
26. J. Herranz, D. Hofheinz, E. Kiltz, The Kurosawa-Desmedt key encapsulation is not chosen-ciphertext secure. IACR e-print Archive 2006/207, 2005
27. S. Jarecki, A. Lysyanskaya, Adaptively secure threshold cryptography: introducing concurrency, removing erasures (extended abstract), in Advances in Cryptology-EUROCRYPT 2000. Lecture Notes in Computer Science, vol. 1807 (Springer, Berlin, 2000), pp. 221-242
28. E. Kiltz, Chosen-ciphertext security from tag-based encryption, in Theory of Cryptography-TCC'06, ed. by S. Halevi, T. Rabin. Lecture Notes in Computer Science, vol. 3876 (Springer, Berlin, 2006), pp. 581-600
29. K. Kurosawa, Y. Desmedt, A new paradigm of hybrid encryption scheme, in Advances in Cryptology-CRYPTO 2004, ed. by M. Franklin. Lecture Notes in Computer Science, vol. 3152 (Springer, Berlin, 2004), pp. 426-442
30. P. MacKenzie, M.K. Reiter, K. Yang, Alternatives to non-malleability: definitions, constructions, and applications, in Theory of Cryptography-TCC'04, ed. by M. Naor. Lecture Notes in Computer Science, vol. 2951 (Springer, Berlin, 2004), pp. 171-190
31. W. Nagao, Y. Manabe, T. Okamoto, A universally composable secure channel based on the KEM-DEM framework, in Theory of Cryptography-TCC'05. Lecture Notes in Computer Science, vol. 3378 (Springer, Berlin, 2005), pp. 426-444
32. M. Naor, M. Yung, Public-key cryptosystems provably secure against chosen ciphertext attacks. In Proceedings of the 22nd annual ACM Symposium on the Theory of Computing, pp. 427-437, 1990
33. T. Okamoto, D. Pointcheval, REACT: Rapid enhanced-security asymmetric cryptosystem transform, in RSA'2001. Lecture Notes in Computer Science (Springer, Berlin, 2001)
34. C. Rackoff, D. Simon, Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack, in Advances in Cryptology-CRYPTO'91. Lecture Notes in Computer Science, vol. 576 (Springer, Berlin, 1992), pp. 433-444
35. V. Shoup, Using hash functions as a hedge against chosen ciphertext attack, in Advances in Cryptology-EUROCRYPT 2000. Lecture Notes in Computer Science, vol. 1807 (Springer, Berlin, 2000), pp. 275-288
36. V. Shoup, OAEP reconsidered, in Advances in Cryptology-CRYPTO 2001. Lecture Notes in Computer Science, vol. 2139 (Springer, Berlin, 2001), pp. 239-259
37. V. Shoup, ISO 18033-2: An emerging standard for public-key encryption (committee draft). Available at http://shoup.net/iso/, June 3 2004
38. V. Shoup, R. Gennaro, Securing threshold cryptosystems against chosen ciphertext attack. J. Cryptol. 15(2), 75-96 (2002)