Cryptology ePrint Archive: Report 2007/481

MAC-free variant of KD04

Xianhui Lu, Xuejia Lai, Dake He

Abstract: Kurosawa and Desmedt proposed an efficient hybrid encryption scheme(KD04) which is secure against adaptive chosen ciphertext attacks(IND-CCA) although the underlying KEM(key encapsulation mechanism) is not IND-CCA secure\cite{Kurosawa2004}. We show a variant of KD04 which is IND-CCA secure when the the underlying DEM part is IND-CCA secure. We need a DEM built from one-time symmetric encryption scheme and a MAC in the security reduction to check if the KEM part of a ciphertext is valid. However in the real situation we can check if the KEM part of the ciphertext is valid without the help of the MAC. So the hybrid encryption scheme can also use redundancy-free IND-CCA secure DEMs that avoid the overhead due to the MAC. When using redundancy-free(MAC-free) IND-CCA secure DEMs, the new scheme will be more efficient than KD04 in bandwidth.

Category / Keywords: hybrid encryption, IND-CCA, DEM, MAC-free

Date: received 21 Dec 2007, last revised 6 Jan 2008, withdrawn 6 May 2008

Contact author: luxianhui at gmail com

Available format(s): (-- withdrawn --)

Version: 20080506:132557 (All versions of this report)

Short URL: ia.cr/2007/481

Discussion forum: Show discussion | Start new discussion