Tag-KEM/DEM: A New Framework for Hybrid Encryption and A New Analysis of Kurosawa-Desmedt KEM

  • Masayuki Abe
  • Rosario Gennaro
  • Kaoru Kurosawa
  • Victor Shoup
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3494)

Abstract

This paper presents a novel framework for generic construction of hybrid encryption schemes secure against chosen ciphertext attack. Our new framework yields new and more efficient CCA-secure schemes, and provides insightful explanations about existing schemes that do not fit into the previous frameworks. This could result in finding future improvements. Moreover, it allows immediate conversion from a class of threshold public-key encryption to a hybrid one without considerable overhead, which is not possible in the previous approaches.

Finally we present an improved security proof of the Kurosawa-Desmedt scheme, which removes the original need for information-theoretic key derivation and message authentication functions. We show that the scheme can be instantiated with any computationally secure such functions, thus extending the applicability of their paradigm, and improving its efficiency.

References

  1. 1.
    Abe, M.: Robust distributed multiplication without interaction. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 130–147. Springer, Heidelberg (1999)Google Scholar
  2. 2.
    Abe, M., Fehr, S.: Adaptively secure feldman VSS and applications to universally-composable threshold cryptography. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 317–334. Springer, Heidelberg (2004)Google Scholar
  3. 3.
    Abe, M., Gennaro, R., Kurosawa, K.: Tag-KEM/DEM: A new framework for hybrid encryption. IACR ePrint Archive 2005/027 (2005)Google Scholar
  4. 4.
    Bellare, M., Garay, J., Hauser, R., Herzberg, A., Krawczyk, H., Steiner, M., Tsudic, G., Van Herreweghen, E., Waidner, M.: Design, implementation and Deployment of the iKP secure electronic payment system. IEEE JSAC 18(4) (April 2000)Google Scholar
  5. 5.
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: 1st ACM CCCS, pp. 62–73. Association for Computing Machinery (1993)Google Scholar
  6. 6.
    Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1–12. Springer, Heidelberg (1998)Google Scholar
  7. 7.
    Boneh, D., Boyen, X.: Efficient Selective-ID Secure Identity Based Encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Boneh, D., Katz, J.: Improved efficiency for CCA-secure cryptosystems built using identity-based encryption. IACR ePrint archive, 2004/261 (2004)Google Scholar
  9. 9.
    Canetti, R., Goldwasser, S.: An efficient threshold public key cryptosystem secure against adaptive chosen ciphertext attack. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 90–106. Springer, Heidelberg (1999)Google Scholar
  10. 10.
    Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 207–222. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. 11.
    Canetti, R., Krawczyk, H., Nielsen, J.: Relaxing chosen-ciphertext security. IACR ePrint archive, 2003/174 (2003)Google Scholar
  12. 12.
    Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)Google Scholar
  13. 13.
    Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM Journal on Computing 33(1), 167–226 (2003)MATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Dodis, Y., An, J.: Concealment and Its Applications to Authenticated Encryption. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 312–329. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Dodis, Y., Gennaro, R., Haastad, J., Krawczyk, H., Rabin, T.: Randomness extraction and key derivation using the CBC, Cascade and HMAC modes. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 494–510. Springer, Heidelberg (2004)Google Scholar
  17. 17.
    Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography. In: 23rd STOC, New York City, pp. 542–552 (1991)Google Scholar
  18. 18.
    Fouque, P., Pointcheval, D.: Threshold cryptosystems secure against chosen-ciphertext attacks. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 351–368. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  19. 19.
    Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999)Google Scholar
  20. 20.
    Gennaro, R., Shoup, V.: A note on an encryption scheme of Kurosawa and Desmedt. IACR ePrint archive, 2004/194 (2004)Google Scholar
  21. 21.
    Kurosawa, K., Desmedt, Y.: A new paradigm of hybrid encryption scheme. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 426–442. Springer, Heidelberg (2004)Google Scholar
  22. 22.
    Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: 22nd STOC, pp. 427–437 (1990)Google Scholar
  23. 23.
    Okamoto, T., Pointcheval, D.: REACT: Rapid enhanced-security asymmetric cryptosystem transform. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, p. 159. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  24. 24.
    Rackoff, C., Simon, D.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)Google Scholar
  25. 25.
    Shoup, V.: Using hash functions as a hedge against chosen ciphertext attack. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 275–288. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  26. 26.
    Shoup, V.: OAEP reconsidered. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 239–259. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  27. 27.
    Shoup, V.: ISO 18033-2: An emerging standard for public-key encryption (committee draft). June 3 (2004), Available at http://shoup.net/iso/
  28. 28.
    Shoup, V., Gennaro, R.: Securing threshold cryptosystems against chosen ciphertext attack. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 1–16. Springer, Heidelberg (1998)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Masayuki Abe
    • 1
  • Rosario Gennaro
    • 2
  • Kaoru Kurosawa
    • 3
  • Victor Shoup
    • 4
  1. 1.NTT Information Sharing Platform LaboratoriesNTT CorporationJapan
  2. 2.IBM T.J.Watson Research CenterUSA
  3. 3.Ibaraki UniversityJapan
  4. 4.New York UniversityUSA

Personalised recommendations