STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
New types of cryptanalytic attacks using related keys
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Key-Schedule Cryptoanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
ASIACRYPT '92 Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Secure Applications of Low-Entropy Keys
ISW '97 Proceedings of the First International Workshop on Information Security
A Concrete Security Treatment of Symmetric Encryption
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Foundations of Cryptography: Volume 2, Basic Applications
Foundations of Cryptography: Volume 2, Basic Applications
Direct chosen ciphertext security from identity-based techniques
Proceedings of the 12th ACM conference on Computer and communications security
Characterization of Security Notions for Probabilistic Private-Key Encryption
Journal of Cryptology
The Kurosawa--Desmedt key encapsulation is not chosen-ciphertext secure
Information Processing Letters
Using hash functions as a hedge against chosen ciphertext attack
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Secure hybrid encryption from weakened key encapsulation
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Black-box construction of a non-malleable encryption scheme from any semantically secure one
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Tag-KEM/DEM: a new framework for hybrid encryption and a new analysis of kurosawa-desmedt KEM
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Chosen-Ciphertext security from tag-based encryption
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Parallel decryption queries in bounded chosen ciphertext attacks
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Constructing secure hybrid encryption from key encapsulation mechanism with authenticity
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
A robust and plaintext-aware variant of signed elgamal encryption
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
International Journal of Grid and Utility Computing
Hi-index | 0.00 |
In hybrid public key encryption (PKE), first a key encapsulation mechanism (KEM) is used to fix a random session key that is then fed into a highly efficient data encapsulation mechanism (DEM) to encrypt the actual message. A well-known composition theorem states that if both the KEM and the DEM have a high enough level of security (i.e., security against chosen-ciphertext attacks), then so does the hybrid PKE scheme. It is not known if these strong security requirements on the KEM and DEM are also necessary, nor if such general composition theorems exist for weaker levels of security. Using six different security notions for KEMs, 10 for DEMs, and six for PKE schemes, we completely characterize in this work which combinations lead to a secure hybrid PKE scheme (by proving a composition theorem) and which do not (by providing counterexamples). Furthermore, as an independent result, we revisit and extend prior work on the relations among security notions for KEMs and DEMs.