Some (in)sufficient conditions for secure hybrid encryption

Authors:
Javier Herranz;Dennis Hofheinz;Eike Kiltz
Affiliations:
Dept. Matemàtica Aplicada IV, Universitat Politècnica de Catalunya, Barcelona, Spain;Karlsruher Institute für Technologie, Germany;Centrum Wiskunde en Informatica, Amsterdam, The Netherlands
Venue:
Information and Computation
Year:
2010

Citing 21
Cited 5

Non-malleable cryptography

STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
New types of cryptanalytic attacks using related keys

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Non-malleable Encryption: Equivalence between Two Notions, and an Indistinguishability-Based Characterization

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Key-Schedule Cryptoanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of LOKI91

ASIACRYPT '92 Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation

FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Secure Applications of Low-Entropy Keys

ISW '97 Proceedings of the First International Workshop on Information Security
A Concrete Security Treatment of Symmetric Encryption

FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack

SIAM Journal on Computing
Foundations of Cryptography: Volume 2, Basic Applications

Foundations of Cryptography: Volume 2, Basic Applications
Direct chosen ciphertext security from identity-based techniques

Proceedings of the 12th ACM conference on Computer and communications security
Characterization of Security Notions for Probabilistic Private-Key Encryption

Journal of Cryptology
The Kurosawa--Desmedt key encapsulation is not chosen-ciphertext secure

Information Processing Letters
Using hash functions as a hedge against chosen ciphertext attack

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Secure hybrid encryption from weakened key encapsulation

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Black-box construction of a non-malleable encryption scheme from any semantically secure one

TCC'08 Proceedings of the 5th conference on Theory of cryptography
Tag-KEM/DEM: a new framework for hybrid encryption and a new analysis of kurosawa-desmedt KEM

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Chosen-Ciphertext security from tag-based encryption

TCC'06 Proceedings of the Third conference on Theory of Cryptography

Parallel decryption queries in bounded chosen ciphertext attacks

PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Constructing secure hybrid encryption from key encapsulation mechanism with authenticity

IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
Relations between constrained and bounded chosen ciphertext security for key encapsulation mechanisms

PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
A robust and plaintext-aware variant of signed elgamal encryption

CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
More DCCA-secure public-key encryptions from KEM + DEM style hybrid paradigms and some observations on the 'inner-outer' structure

International Journal of Grid and Utility Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

In hybrid public key encryption (PKE), first a key encapsulation mechanism (KEM) is used to fix a random session key that is then fed into a highly efficient data encapsulation mechanism (DEM) to encrypt the actual message. A well-known composition theorem states that if both the KEM and the DEM have a high enough level of security (i.e., security against chosen-ciphertext attacks), then so does the hybrid PKE scheme. It is not known if these strong security requirements on the KEM and DEM are also necessary, nor if such general composition theorems exist for weaker levels of security. Using six different security notions for KEMs, 10 for DEMs, and six for PKE schemes, we completely characterize in this work which combinations lead to a secure hybrid PKE scheme (by proving a composition theorem) and which do not (by providing counterexamples). Furthermore, as an independent result, we revisit and extend prior work on the relations among security notions for KEMs and DEMs.