Abstract

In this paper, we present novel constructions of chosen-ciphertext secure (CCA secure) key encapsulation mechanism (KEM) from chosen-plaintext secure (CPA secure) KEM in the standard model. It is already known that CCA secure public key encryption (PKE) can be generically constructed from CPA secure PKE and ((simulation-sound) non-interactive zero-knowledge proof) via the Naor-Yung or Dolev-Dwork-Naor transforms. Thus, one can also immediately construct CCA secure PKE from CPA secure KEM by converting CPA secure KEM into CPA secure PKE and transforming it to be CCA secure PKE. However, such a construction seems redundant since in general PKE is less efficient than KEM and it would be more efficient if we can directly construct CCA secure KEM from CPA secure KEM without intermediating CPA secure PKE. In this work, we propose new variants of the Naor-Yung and Dolev-Dwork-Naor transforms that directly convert CPA secure KEM into CCA secure KEM, and show that our proposed schemes are more efficient than the above straightforward constructions. For example, when instantiating from the decision linear assumption, ciphertext size of our Naor-Yung variant consists of 34 group elements while that of the straightforward construction consists of 47 group elements. Furthermore, we also propose another variant of the Dolev-Dwork-Naor transform from multiple KEM and show that a KEM which is obtained from Wee's extractable hash proof system can also be considered as an efficient construction of multiple KEM.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.