Efficient key encapsulation mechanisms with tight security reductions to standard assumptions in the two security models

Efficient key encapsulation mechanisms with tight security reductions to standard assumptions in the two security models

In this paper, we propose two new practical constructions of chosen ciphertext attack secure (CCA secure) key encapsulation mechanisms (KEM, which is the main building block for public key encryption in hybrid encryption), with remarkable security features: Our KEMs can be proved not only to satisfy...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Security and communication networks 2016-08, Vol.9 (12), p.1676-1697
Hauptverfasser: Hanatani, Yoshikazu, Hanaoka, Goichiro, Matsuda, Takahiro, Yamakawa, Takashi
Format: Artikel
Sprache:eng
Schlagworte:
CCA security
Computational efficiency
constrained CCA security
Construction
Construction costs
Encapsulation
Encryption
key encapsulation mechanism
Mathematical models
public key encryption
random oracle model
Reduction
Security
standard model
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper, we propose two new practical constructions of chosen ciphertext attack secure (CCA secure) key encapsulation mechanisms (KEM, which is the main building block for public key encryption in hybrid encryption), with remarkable security features: Our KEMs can be proved not only to satisfy CCA security (or constrained CCA security introduced by Hofheinz and Kiltz at CRYPTO'07) in the standard model with a tight security reduction to a basic indistinguishability‐type assumption but also to be CCA secure in the random oracle model with a tight security reduction to a basic computational‐type assumption. Our first construction is based on the Diffie–Hellman‐type assumptions, and compared with the KEM by Shoup at EUROCRYPT'00 that has security reductions in two security models (but its security proof in the random model is a loose reduction), our proposed KEM has a smaller ciphertext size with the same computational costs, and more importantly, ours has a tight security reduction also in the random oracle model. Our second construction is based on assumptions related to integer factoring, and compared with the KEM by Hofheinz and Kiltz at CRYPTO'99 that also has tight security reductions in two security models to factoring‐related assumptions, our proposed KEM has similar efficiency (both ciphertext size and computational costs) and bases the security on incomparable assumptions. Copyright © 2016 John Wiley & Sons, Ltd. We propose two new practical constructions of chosen ciphertext secure key encapsulation mechanism (KEM). Each of constructions has a tight security reduction to a search problem in the random oracle model and another tight security reduction to a distinguish problem in the standard model. The first construction is based on the DiffieŰHellman‐type assumptions, and the second construction is based on factoring‐related assumption. Both constructions achieve similar efficiency compared with other practical KEMs based on the same type computational assumptions.
ISSN:1939-0114
1939-0122
DOI:10.1002/sec.1444