Paper 2006/268

On the Equivalence of Several Security Notions of Key Encapsulation Mechanism

Waka Nagao, Yoshifumi Manabe, and Tatsuaki Okamoto

Abstract

KEM (Key Encapsulation Mechanism) was introduced by Shoup to formalize the asymmetric encryption specified for key distribution in ISO standards on public-key encryption. Shoup defined the ``semantic security (IND) against adaptively chosen ciphertext attacks (CCA2)'' as a desirable security notion of KEM. This paper introduces ''non-malleability (NM)'' of KEM, a stronger security notion than IND. We provide three definitions of NM, and show that these three definitions are equivalent. We then show that NM-CCA2 KEM is equivalent to IND-CCA2 KEM. That is, we show that NM is equivalent to IND under CCA2 attacks, although NM is stronger than IND in the definition (or under some attacks like CCA1). In addition, this paper defines the universally composable (UC) security of KEM and shows that NM-CCA2 KEM is equivalent to UC KEM.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
key encapsulation mechanismnon-malleabilityuniversal composability
Contact author(s)
okamoto tatsuaki @ lab ntt co jp
History
2006-08-12: received
Short URL
https://ia.cr/2006/268
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2006/268,
      author = {Waka Nagao and Yoshifumi Manabe and Tatsuaki Okamoto},
      title = {On the Equivalence of Several Security Notions of Key Encapsulation Mechanism},
      howpublished = {Cryptology {ePrint} Archive, Paper 2006/268},
      year = {2006},
      url = {https://eprint.iacr.org/2006/268}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.