Constructing Strong KEM from Weak KEM (or How to Revive the KEM/DEM Framework)

  • Joonsang Baek
  • David Galindo
  • Willy Susilo
  • Jianying Zhou
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5229)


We propose a generic method that transforms a weakly secure KEM, i.e. a KEM which is secure against constrained chosen ciphertext attack (CCCA), to a strongly secure KEM, i.e. a KEM which is secure against full chosen ciphertext attack (CCA). The proposed method does not depend on the random oracle or on any other non-standard assumptions. Using this method, we obtain new efficient hybrid encryption schemes based on the Kurosawa & Desmedt and Hofheinz & Kiltz weakly secure KEMs. These are the first hybrid encryption schemes which are as efficient as the Kurosawa & Desmedt and Hofheinz & Kiltz encryption schemes, but whose security can be explained in the original KEM/DEM framework.


Keywords: Encryption Scheme; Random Oracle; Message Authentication Code; Security Notion; Cryptology ePrint Archive
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.




  1. Abe, M., Gennaro, R., Kurosawa, K., Shoup, V.: Tag-KEM/DEM: A New Framework for Hybrid Encryption and A New Analysis of Kurosawa-Desmedt KEM. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 128–146. Springer, Heidelberg (2005)
  2. Abe, M., Gennaro, R., Kurosawa, K.: Tag-KEM/DEM: A New Framework for Hybrid Encryption and A New Analysis of Kurosawa-Desmedt KEM, Cryptology ePrint Archive, Report 2005/027 (2005) (Last update: 11 October 2006)
  3. Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)
  4. Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations Among Notions of Security for Public-Key Encryption Schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)
  5. Bellare, M., Namprempre, C.: Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)
  6. Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: ACM-CCS 1993, pp. 62–73. ACM, New York (1993)
  7. Boneh, D., Katz, J.: Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 87–103. Springer, Heidelberg (2005)
  8. Cramer, R., Shoup, V.: A Practical Public Key Cryptosystem Provably Secure against Adaptive Chosen Ciphertext Attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)
  9. Cramer, R., Shoup, V.: Design and Analysis of Practical Public-key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack. SIAM Journal of Computing 33, 167–226 (2003)
  10. Cramer, R., Shoup, V.: Signature Schemes Based on the Strong RSA Assumption. ACM Trans. Inf. Syst. Secur. 3(3), 161–185 (2000)
  11. Dent, A.: Hybrid Cryptography, Cryptology ePrint Archive, Report 2004/210 (2004)
  12. Dolev, D., Dwork, C., Naor, M.: Non-malleable Cryptography. In: STOC 1991, pp. 542–552. ACM, New York (1991)
  13. Gennaro, R., Shoup, V.: A Note on An Encryption Scheme of Kurosawa and Desmedt, Cryptology ePrint Archive, Report 2004/294 (2004)
  14. Herranz, J., Hofheinz, D., Kiltz, E.: The Kurosawa-Desmedt Key Encapsulation is not Chosen-Ciphertext Secure, Cryptology ePrint Archive, Report 2006/207 (2006)
  15. Hofheinz, D., Kiltz, E.: Secure Hybrid Encryption from Weakened Key Encapsulation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 553–571. Springer, Heidelberg (2007)
  16. ISO 18033-2, An Emerging Standard for Public-Key Encryption (2004)
  17. Kurosawa, K., Desmedt, Y.: A New Paradigm of Hybrid Encryption Scheme. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 426–442. Springer, Heidelberg (2004)
  18. Luby, M., Rackoff, C.: How to Construct Pseudorandom Permutations from Pseudorandom Functions. SIAM J. Comput. 17(2), 373–386 (1988)
  19. Naor, M., Yung, M.: Public-key Cryptosystems Provably Secure against Chosen Ciphertext Attacks. In: STOC 1990, pp. 427–437. ACM, New York (1990)
  20. Okamoto, T.: Authenticated Key Exchange and Key Encapsulation in the Standard Model. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 474–484. Springer, Heidelberg (2007)
  21. Phan, D., Pointcheval, D.: About the security of ciphers (semantic security and pseudo-random permutations). In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 182–197. Springer, Heidelberg (2004)
  22. Shoup, V.: A Proposal for an ISO Standard for Public Key Encryption (version 2.1), ISO/IEC JTC 1/SC 27 (2001)

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Joonsang Baek (1)
  • David Galindo (2)
  • Willy Susilo (3)
  • Jianying Zhou (1)

  1. Cryptography and Security Department, Institute for Infocomm Research, Singapore
  2. Computer Science Department, University of Malaga
  3. Centre for Computer and Information Security Research, School of Computer Science and Software Engineering, University of Wollongong, Australia
