-- at least 20\% in encapsulation speed, and
-- up to 60\% in decapsulation speed,
which are verified by both theoretical comparison and experimental results. The efficiency of decapsulation can be even
-- about 40\% better than the decapsulation of the PSEC-KEM in ISO/IEC 18033-2
-- only slightly worse than the decapsulation of the ECIES-KEM in ISO/IEC 18033-2
which is of independent interest since the security of both PSEC-KEM and ECIES-KEM are argued using the controversial random oracle heuristic in contrast to ours.
We then generalize the technique into hash proof systems, proposing several KEM schemes with IND-CCA security under decision linear and decisional composite residuosity assumptions respectively. All the KEMs are in the standard model, and use standard, computationally secure symmetric building blocks.
We finally show that, with additional simple yet innovative twists, the KEMs can be proved resilient to certain amount of leakage on the secret key. Specifically with the DDH-based scheme, a fraction of $1/4-o(1)$ of the secret key can be leaked, and when conditioned on a fixed leakage rate, we obtain the most efficient leakage-resilient KEMs regarding computation and storage.
Category / Keywords: public-key cryptography / Kurosawa-Desmedt KEM, IND-CCA security, hash proof systems, standard model. Date: received 18 Nov 2013, last revised 11 Jun 2014 Contact author: phong at nict go jp Available format(s): PDF | BibTeX Citation Note: MAC-free schemes and leakage-resilient schemes are added in Sections 5 and 6. Version: 20140611:080834 (All versions of this report) Short URL: ia.cr/2013/765 Discussion forum: Show discussion | Start new discussion