Cryptology ePrint Archive: Report 2013/567
KDM Security in the Hybrid Framework
Gareth T. Davies and Martijn Stam
Abstract: We study the natural question of how well suited the hybrid encryption paradigm is in the context of key-dependent message (KDM) attacks. We prove that if a key derivation function (KDF) is used in between the public (KEM) and symmetric (DEM) part of the hybrid scheme and this KDF is modelled as a random oracle, then one-wayness of the KEM and indistinguishability of the DEM together suffice for KDM security of the resulting hybrid scheme. We consider the most general scenario, namely CCA attacks and KDM functions that can call the random oracle. Although the result itself is not entirely unsuspected -- it does solve an open problem from Black, Rogaway, and Shrimpton (SAC 2002) -- proving it is considerably less straightforward; we develop some proof techniques that might be applicable in a wider context.
Category / Keywords: public-key cryptography / KDM Security, Hybrid Encryption, KEM/DEM, Public Key Encryption.
Date: received 6 Sep 2013, last revised 9 Sep 2013
Contact author: csgtd at bristol ac uk
Available format(s): PDF | BibTeX Citation
Version: 20130909:093915 (All versions of this report)
Short URL: ia.cr/2013/567
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]