Paper 2007/288
Secure Hybrid Encryption from Weakened Key Encapsulation
Dennis Hofheinz and Eike Kiltz
Abstract
We put forward a new paradigm for building hybrid encryption schemes from constrained chosen-ciphertext secure (CCCA) key-encapsulation mechanisms (KEMs) plus authenticated symmetric encryption. Constrained chosen-ciphertext security is a new security notion for KEMs that we propose. CCCA has less demanding security requirements than standard chosen-ciphertext (CCA) security (since it requires the adversary to have a certain plaintext-knowledge when making a decapsulation query) yet we can prove that CCCA is sufficient for secure hybrid encryption. Our notion is not only useful to express the Kurosawa-Desmedt public-key encryption scheme and its generalizations to hash-proof systems in an abstract KEM/DEM security framework. It also has a very constructive appeal, which we demonstrate with a new encryption scheme whose security relies on a class of intractability assumptions that we show (in the generic group model) strictly weaker than the Decision Diffie-Hellman (DDH) assumption. This appears to be the first practical public-key encryption scheme in the literature from an algebraic assumption strictly weaker than DDH.
Metadata
- Available format(s)
-
PDF
PS
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. A preliminary version of this paper appears in the proceedings of CRYPTO 2007. This is the full version.
- Keywords
- Chosen-ciphertext securityweak security assumptionshybrid encryption
- Contact author(s)
- kiltz @ cwi nl
- History
- 2007-08-07: received
- Short URL
- https://ia.cr/2007/288
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2007/288,
author = {Dennis Hofheinz and Eike Kiltz},
title = {Secure Hybrid Encryption from Weakened Key Encapsulation},
howpublished = {Cryptology {ePrint} Archive, Paper 2007/288},
year = {2007},
url = {https://eprint.iacr.org/2007/288}
}
