ECIES-KEM vs. PSEC-KEM
暂无分享,去创建一个
The purpose of this paper is to discuss the similarities and differences between the PSEC-KEM and ECIES-KEM. The schemes are in very similar in some ways: both base their security on the Diffie-Hellman key-agreement protocol and both make heavy use of the random oracle model. However there are a few very important differences: PSEC-KEM is an authenticated KEM whilst ECIES-KEM is unauthenticated, and ECIES-KEM use the Diffie-Hellman keyagreement protocol directly to compute the key whereas PSEC-KEM uses the Diffie-Hellman protocol to compute a mask for a randomly generated key. These differences lead to a major difference in their security proofs: ECIESKEM reduces to the gap Diffie-Hellman problem [5] whilst PSEC-KEM reduces to the weaker computational Diffie-Hellman problem. We will assume that the reader is familiar with the concepts of KEM-DEM constructions and their security proofs. For more information the reader is referred to [3, 4]. Briefly the security of a KEM is defined by the advantage an attacker has in winning a game played against a mythical system. The game is played as follows:
[1] David Pointcheval,et al. The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes , 2001, Public Key Cryptography.
[2] Mihir Bellare,et al. Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.
[3] Ronald Cramer,et al. Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..