Public-key cryptosystems provably secure against chosen ciphertext attacks
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
RSA-OAEP Is Secure under the RSA Assumption
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Semantically Secure McEliece Public-Key Cryptosystems-Conversions for McEliece PKC
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
A Concrete Security Treatment of Symmetric Encryption
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
RSA-OAEP Is Secure under the RSA Assumption
Journal of Cryptology
Energy Analysis of Public-Key Cryptography for Wireless Sensor Networks
PERCOM '05 Proceedings of the Third IEEE International Conference on Pervasive Computing and Communications
Strengthening Security of RSA-OAEP
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Public-key encryption in a multi-user setting: security proofs and improvements
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Efficient KEMs with partial message recovery
Cryptography and Coding'07 Proceedings of the 11th IMA international conference on Cryptography and coding
Constructing better KEMs with partial message recovery
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Constructing better KEMs with partial message recovery
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
| Hi-index | 0.00 |
In this paper, we consider the problem of building effcient key encapsulation mechanism (KEM) with partial message recovery, in brief, PKEM, which aims at providing better bandwidth for standard KEM. We demonstrate several practical issues that were not considered by the previous research, e.g., the additional security loss due to loose reduction of OAEP, and the ciphertext overhead caused by the corresponding data encapsulation mechanism (DEM). We give solutions to these problems, furthermore, we consider the multichallenge model for PKEMs, where an adversary can obtain up to multiple challenge ciphertexts. Apparently, this is a more severe and more realistic model for PKEM. We then show two generic constructions of PKEMs and prove their security in the multi-challenge model. Our constructions are natural and simple. Finally, we give some instantiations of our generic constructions, and compare their effciency. Our results demonstrate that there are strong ties between PKEM and public key encryption.