Security on Hybrid Encryption with the Tag-KEM/DEM Framework

The tag-KEM/DEM framework was proposed by Abe, Gennaro, Kurosawa, and Shoup to explain why the Kurosawa-Desmedt PKE is IND-CCA2 secure even though its KEM part is not IND-CCA2 secure. They concluded that the Kurosawa-Desmedt KEM satisfies IND-CCA2 security for tag-KEM, and they showed that an IND-CCA2 secure PKE system can be constructed from an IND-CCA2 tag-KEM system and an IND-OT secure DEM system. Herranz, Hofheinz and Kiltz have shown the necessary and sufficient conditions for the KEM/DEM framework, and have also studied implications and separations among the security notions of KEM. In this paper, we study the necessary and sufficient conditions for the tag-KEM/DEM framework, as well as implications and separations among the security notions of tag-KEM. Through these studies, we show gaps between KEM and tag-KEM regarding weak and strong non-malleability, with respect to the necessary and sufficient conditions for obtaining the same security levels.
