Efficient key encapsulation mechanisms with tight security reductions to standard assumptions in the two security models

Abstract

AbstractIn this paper, we propose two new practical constructions of chosen ciphertext attack secure (CCA secure) key encapsulation mechanisms (KEM, which is the main building block for public key encryption in hybrid encryption), with remarkable security features: Our KEMs can be proved not only to satisfy CCA security (or constrained CCA security introduced by Hofheinz and Kiltz at CRYPTO'07) in the standard model with a tight security reduction to a basic indistinguishability‐type assumption but also to be CCA secure in the random oracle model with a tight security reduction to a basic computational‐type assumption. Our first construction is based on the Diffie–Hellman‐type assumptions, and compared with the KEM by Shoup at EUROCRYPT'00 that has security reductions in two security models (but its security proof in the random model is a loose reduction), our proposed KEM has a smaller ciphertext size with the same computational costs, and more importantly, ours has a tight security reduction also in the random oracle model. Our second construction is based on assumptions related to integer factoring, and compared with the KEM by Hofheinz and Kiltz at CRYPTO'99 that also has tight security reductions in two security models to factoring‐related assumptions, our proposed KEM has similar efficiency (both ciphertext size and computational costs) and bases the security on incomparable assumptions. Copyright © 2016 John Wiley & Sons, Ltd.