Advertisement

A New Paradigm of Hybrid Encryption Scheme

  • Kaoru Kurosawa
  • Yvo Desmedt
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3152)

Abstract

In this paper, we show that a key encapsulation mechanism (KEM) does not have to be IND-CCA secure in the construction of hybrid encryption schemes, as was previously believed. That is, we present a more efficient hybrid encryption scheme than Shoup [12] by using a KEM which is not necessarily IND-CCA secure. Nevertheless, our scheme is secure in the sense of IND-CCA under the DDH assumption in the standard model. This result is further generalized to universal2 projective hash families.

Keywords

hybrid encryption KEM standard model 

References

  1. 1.
    Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: ACM Conference on Computer and Communications Security, pp. 62–73 (1993)Google Scholar
  2. 2.
    Boneh, D.: Simplified OAEP for the RSA and rabin functions. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 275–291. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, p. 13. Springer, Heidelberg (1998)Google Scholar
  4. 4.
    Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for chosen ciphertext secure public key encryption, against adaptive chosen ciphertext attack. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, p. 45. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Full length version of [4], http://shoup.net/papers/uhp.pdf
  6. 6.
    Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM Journal on Computing 33(1), 167–226 (2003)MATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 537. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: RSA-OAEP is secure under the RSA assumption. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 260–274. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Krawczyk, H.: LFSR-based hashing and authentication. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 129–139. Springer, Heidelberg (1994)Google Scholar
  10. 10.
    Naor, M., Yung, M.: Universal One-Way Hash Functions and their Cryptographic Applications. In: STOC 1989, pp. 33–43 (1989)Google Scholar
  11. 11.
    Rompel, J.: One-Way Functions are Necessary and Sufficient for Secure Signatures. In: STOC 1990, pp. 387–394 (1990)Google Scholar
  12. 12.
    Shoup, V.: Using Hash Functions as a Hedge against Chosen Ciphertext Attack. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 275–288. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. 13.
    Shoup, V.: OAEP reconsidered. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 239–259. Springer, Heidelberg (2001)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Kaoru Kurosawa
    • 1
  • Yvo Desmedt
    • 2
    • 3
  1. 1.Ibaraki UniversityJapan
  2. 2.Dept. of Computer ScienceUniversity College LondonUK
  3. 3.Florida State UniversityUSA

Personalised recommendations