A New Variant of the Cramer-Shoup KEM Secure against Chosen Ciphertext Attack

We propose a new variant of the Cramer-Shoup KEM (key encapsulation mechanism). The proposed variant is more efficient than the original Cramer-Shoup KEM in terms of public key size and encapsulation cost, yet is still proven secure against chosen ciphertext attack in the standard model, relative to the Decisional Diffie-Hellman problem.
