Paper 2013/567

KDM Security in the Hybrid Framework

Gareth T. Davies and Martijn Stam

Abstract

We study the natural question of how well suited the hybrid encryption paradigm is in the context of key-dependent message (KDM) attacks. We prove that if a key derivation function (KDF) is used in between the public (KEM) and symmetric (DEM) part of the hybrid scheme and this KDF is modelled as a random oracle, then one-wayness of the KEM and indistinguishability of the DEM together suffice for KDM security of the resulting hybrid scheme. We consider the most general scenario, namely CCA attacks and KDM functions that can call the random oracle. Although the result itself is not entirely unsuspected -- it does solve an open problem from Black, Rogaway, and Shrimpton (SAC 2002) -- proving it is considerably less straightforward; we develop some proof techniques that might be applicable in a wider context.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
KDM SecurityHybrid EncryptionKEMDEMPublic Key Encryption.
Contact author(s)
csgtd @ bristol ac uk
History
2013-09-09: revised
2013-09-09: received
See all versions
Short URL
https://ia.cr/2013/567
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2013/567,
      author = {Gareth T.  Davies and Martijn Stam},
      title = {{KDM} Security in the Hybrid Framework},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/567},
      year = {2013},
      url = {https://eprint.iacr.org/2013/567}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.