Tag-KEM/DEM: A New Framework for Hybrid Encryption
Dr. Masayuki Abe (joint work with Rosario Gennaro and Kaoru Kurosawa)
NTT Japan
This paper presents a novel framework for generic construction of hybrid
encryption schemes which produces more efficient schemes than before. A
known framework introduced by Shoup combines a key encapsulation mechanism
(KEM) and a data encryption mechanism (DEM). While it is sufficient to
require both components to be secure against chosen ciphertext attacks,
Kurosawa and Desmedt showed a particular example of KEM that is not CCA but
can be securely combined with a specific type of CCA DEM yielding more
efficient hybrid encryption scheme. There are also many efficient hybrid
encryption schemes in various settings that do not fit to the framework.
These facts serve as motivation to seek another framework that yields more
efficient schemes.
We propose a new framework which we call Tag-KEM/DEM. It extends the notion
of KEM and accepts much weaker DEM that is only secure against passive
attacks. In addition to the potential efficiency of the resulting schemes,
our framework will provide insightful explanation about existing schemes
that do not fit to the previous framework.
This could result in finding improvements for some schemes. Moreover, it
allows immediate conversion from a class of threshold public-key encryption
to a hybrid one without considerable overhead, which is not possible in the
previous approach.
Short Bio:
Masayuki Abe is a senior researcher in NTT Laboratories. He has been
working in the cryptographic research croup since he joined to NTT in '92.
His research interest includes cryptographic protocol design, zero-knowledge
proofs, digital signatures, public-key encryption, multi-party computation,
and privacy and anonymity issues.