The Kurosawa--Desmedt key encapsulation is not chosen-ciphertext secure

Authors:
Seung Geol Choi;Javier Herranz;Dennis Hofheinz;Jung Yeon Hwang;Eike Kiltz;Dong Hoon Lee;Moti Yung
Affiliations:
Department of Computer Science, Columbia University, 450 Computer Science Bldg., New York, USA;Dept. Matemàtica Aplicada IV, UPC, Barcelona, Spain;CWI, Amsterdam, The Netherlands;Graduate School of Information Management and Security, Korea University, Seoul, Republic of Korea;CWI, Amsterdam, The Netherlands;Graduate School of Information Management and Security, Korea University, Seoul, Republic of Korea;Department of Computer Science, Columbia University, 450 Computer Science Bldg., New York, USA and Google Inc., 76 Ninth Avenue, New York, NY 10011, USA
Venue:
Information Processing Letters
Year:
2009

Citing 11
Cited 4

Random oracles are practical: a paradigm for designing efficient protocols

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Nonmalleable Cryptography

SIAM Journal on Computing
The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack

SIAM Journal on Computing
Using hash functions as a hedge against chosen ciphertext attack

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Chosen-ciphertext secure key-encapsulation based on gap hashed Diffie-Hellman

PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Secure hybrid encryption from weakened key encapsulation

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Tag-KEM/DEM: a new framework for hybrid encryption and a new analysis of kurosawa-desmedt KEM

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

A New Randomness Extraction Paradigm for Hybrid Encryption

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Some (in)sufficient conditions for secure hybrid encryption

Information and Computation
Plaintext-Awareness of hybrid encryption

CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Relations between constrained and bounded chosen ciphertext security for key encapsulation mechanisms

PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography

Quantified Score

Hi-index	0.89

Visualization

Abstract

At CRYPTO 2004, Kurosawa and Desmedt presented a new hybrid encryption scheme that is chosen-ciphertext (CCA2) secure in the standard model. Until now it was unknown if the key encapsulation part of the Kurosawa-Desmedt scheme by itself is still CCA2-secure or not. In this note we answer this question to the negative, namely we present a simple CCA2 attack on the Kurosawa-Desmedt key encapsulation mechanism. Our attack further supports the design paradigm of Kurosawa and Desmedt to build CCA2-secure hybrid encryption from weak key encapsulation.