Cryptology ePrint Archive: Report 2001/110

RSA hybrid encryption schemes

Louis Granboulan

Abstract: This document compares the two published RSA-based hybrid encryption schemes having linear reduction in their security proof: RSA-KEM with DEM1 and RSA-REACT. While the performance of RSA-REACT is worse than the performance of RSA-KEM+DEM1, a complete proof of its security has already been published. This is indeed an advantage, because we show that the security result for RSA-KEM+DEM1 has a small hole. We provide here a complete proof of the security of RSA-KEM+DEM1. We also propose some changes to RSA-REACT to improve its efficiency without changing its security, and conclude that this new RSA-REACT is a generalisation of RSA-KEM+DEM1, with at most the same security, and with possibly worse performance.

Therefore we show that RSA-KEM+DEM1 should be preferred to RSA-REACT.

Category / Keywords: public-key cryptography / RSA hybrid encryption scheme

Date: received 19 Dec 2001, last revised 21 Dec 2001

Contact author: Louis Granboulan at ens fr

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Version: 20011221:174424 (All versions of this report)

Short URL: ia.cr/2001/110

Discussion forum: Show discussion | Start new discussion