Paper 2012/159

Hybrid Encryption in the Multi-User Setting

G. M. Zaverucha


This paper presents an attack in the multi-user setting on various public-key encryption schemes standardized in IEEE 1363a, SECG SEC 1 and ISO 18033-2. The multi-user setting is a security model proposed by Bellare et al., which allows adversaries to simultaneously attack multiple ciphertexts created by one or more users. An attack is considered successful if the attacker learns information about any of the plaintexts. We show that many standardized public-key encryption schemes are vulnerable in this model, and give ways to prevent the attack. We also show that the key derivation function and pseudorandom generator used to implement a hybrid encryption scheme must be secure in the multi-user setting, in order for the overall primitive to be secure in the multi-user setting. As an illustration of the former, we show that using HKDF (as standardized in NIST SP 800-56C) as a key derivation function for certain standardized hybrid public-key encryption schemes is insecure in the multi-user setting.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
hybrid public-key encryptionmulti-user security
Contact author(s)
gzaveruc @ cs uwaterloo ca
2012-03-28: received
Short URL
Creative Commons Attribution


      author = {G. M.  Zaverucha},
      title = {Hybrid Encryption in the Multi-User Setting},
      howpublished = {Cryptology ePrint Archive, Paper 2012/159},
      year = {2012},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.