Paper 2005/027

Tag-KEM/DEM: A New Framework for Hybrid Encryption

Masayuki ABE, Rosario Gennaro, and Kaoru Kurosawa


This paper presents a novel framework for the generic construction of hybrid encryption schemes which produces more efficient schemes than the ones known before. A previous framework introduced by Shoup combines a key encapsulation mechanism (KEM) and a data encryption mechanism (DEM). While it is sufficient to require both components to be secure against chosen ciphertext attacks (CCA-secure), Kurosawa and Desmedt showed a particular example of KEM that is not CCA-secure but can be securely combined with a specific type of CCA-secure DEM to obtain a more efficient, CCA-secure hybrid encryption scheme. There are also many other efficient hybrid encryption schemes in the literature that do not fit Shoup's framework. These facts serve as motivation to seek another framework. The framework we propose yields more efficient hybrid scheme, and in addition provides insightful explanation about existing schemes that do not fit into the previous framework. Moreover, it allows immediate conversion from a class of threshold public-key encryption to a hybrid one without considerable overhead, which may not be possible in the previous approach.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
hybrid encryption
Contact author(s)
abe masayuki @ lab ntt co jp
2006-10-11: revised
2005-02-04: received
See all versions
Short URL
Creative Commons Attribution


      author = {Masayuki ABE and Rosario Gennaro and Kaoru Kurosawa},
      title = {Tag-KEM/DEM: A New Framework for Hybrid Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2005/027},
      year = {2005},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.