Constructing Secure Hybrid Encryption from Key Encapsulation Mechanism with Authenticity

  • Yuki Shibuya
  • Junji Shikata
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7089)


In this paper, we propose a new framework for constructing hybrid encryption. Specifically, we propose an authenticated key encapsulation mechanism (AKEM) which plays a role of the public-key part, and show that it is possible to construct IND-CCA secure hybrid encryption by combining AKEM and traditional DEM (data encapsulation mechanism). The feature of AKEM worthy of mention is that it has the function of authenticity in addition to that of KEM and that it effectively uses additional information in its decryption process. The main contribution of our framework AKEM/DEM lies in simply and systematically providing a wide range of constructions for hybrid encryption by extending the idea of tag-KEM/DEM so that several well-known constructions, such as Fujisaki-Okamoto conversion and REACT, which have not been captured within existing frameworks can be successfully captured. In the AKEM/DEM framework, we propose the following three types of constructions for hybrid encryption, and show a sufficient condition on security of AKEM and DEM to prove that the resulting hybrid encryption meets IND-CCA: (i) the first construction uses only a plaintext of DEM as additional information, and it includes Fujisaki-Okamoto conversion; (ii) the second construction uses both a plaintext and a ciphertext of DEM as additional information, and it includes REACT; and (iii) the third construction uses only a ciphertext of DEM as additional information, and it includes almost all constructions of tag-KEM/DEM. Furthermore, we show that the basic ideas behind constructions of Fujisaki-Okamoto conversion, REACT and tag-KEM can be successfully extended to all types of AKEM by slightly modifying them if necessary.


Security Parameter Message Authentication Code Security Notion Collision Resistant Choose Ciphertext Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abe, M., Cui, Y., Imai, H., Kiltz, E.: Efficient Hybrid Encryption from ID-Based Encryption. J. Design. Codes and Cryptography 54, 205–240 (2010)CrossRefzbMATHMathSciNetGoogle Scholar
  2. 2.
    Abe, M., Gennaro, R., Kurosawa, K.: Tag-KEM/DEM: A New Framework for Hybrid Encryption. J. Cryptology 21(1), 97–130 (2008)CrossRefzbMATHMathSciNetGoogle Scholar
  3. 3.
    Abe, M., Gennaro, R., Kurosawa, K., Shoup, V.: Tag-KEM/DEM: A New Framework for Hybrid Encryption and a New Analysis of Kurosawa-Desmedt KEM. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 128–146. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. SIAM J. Computing 36(5), 1301–1328 (2007)CrossRefzbMATHMathSciNetGoogle Scholar
  5. 5.
    Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Computing 33, 167–226 (2003)CrossRefzbMATHMathSciNetGoogle Scholar
  6. 6.
    Fujisaki, E., Okamoto, T.: Secure Integration of Asymmetric and Symmetric Encryption Schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  7. 7.
    Hofheinz, D., Herranz, J., Kiltz, E.: Some (in)sufficient conditions for secure hybrid encryption. J. Information and Computation 208(11), 1243–1257 (2010)CrossRefzbMATHMathSciNetGoogle Scholar
  8. 8.
    Hofheinz, D., Kiltz, E.: Secure Hybrid Encryption from Weakened Key Encapsulation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 553–571. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Kurosawa, K., Desmedt, Y.G.: A New Paradigm of Hybrid Encryption Scheme. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 426–442. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Okamoto, T., Pointcheval, D.: REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 159–174. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Shoup, V.: Using Hash Functions as a Hedge against Chosen Ciphertext Attack. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 275–288. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Shoup, V.: ISO 18033-2: An emerging standard for public-key encryption (committee draft),

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Yuki Shibuya
    • 1
  • Junji Shikata
    • 1
  1. 1.Graduate School of Environment and Information SciencesYokohama National UniversityJapan

Personalised recommendations