Paper 2017/843

Hybrid Encryption in a Multi-User Setting, Revisited

Federico Giacon, Eike Kiltz, and Bertram Poettering


This paper contributes to understanding the interplay of security notions for PKE, KEMs, and DEMs, in settings with multiple users, challenges, and instances. We start analytically by first studying (a) the tightness aspects of the standard hybrid KEM+DEM encryption paradigm, (b) the inherent weak security properties of all deterministic DEMs due to generic key-collision attacks in the multi-instance setting, and (c) the negative effect of deterministic DEMs on the security of hybrid encryption. We then switch to the constructive side by (d) introducing the concept of an augmented data encapsulation mechanism (ADEM) that promises robustness against multi-instance attacks, (e) proposing a variant of hybrid encryption that uses an ADEM instead of a DEM to alleviate the problems of the standard KEM+DEM composition, and (f) constructing practical ADEMs that are secure in the multi-instance setting.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
hybrid encryptionmulti-user securitytightness
Contact author(s)
bertram poettering @ rub de
2017-09-06: received
Short URL
Creative Commons Attribution


      author = {Federico Giacon and Eike Kiltz and Bertram Poettering},
      title = {Hybrid Encryption in a Multi-User Setting, Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2017/843},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.