Cryptology ePrint Archive: Report 2017/843

Hybrid Encryption in a Multi-User Setting, Revisited

Federico Giacon and Eike Kiltz and Bertram Poettering

Abstract: This paper contributes to understanding the interplay of security notions for PKE, KEMs, and DEMs, in settings with multiple users, challenges, and instances. We start analytically by first studying (a) the tightness aspects of the standard hybrid KEM+DEM encryption paradigm, (b) the inherent weak security properties of all deterministic DEMs due to generic key-collision attacks in the multi-instance setting, and (c) the negative effect of deterministic DEMs on the security of hybrid encryption.

We then switch to the constructive side by (d) introducing the concept of an augmented data encapsulation mechanism (ADEM) that promises robustness against multi-instance attacks, (e) proposing a variant of hybrid encryption that uses an ADEM instead of a DEM to alleviate the problems of the standard KEM+DEM composition, and (f) constructing practical ADEMs that are secure in the multi-instance setting.

Category / Keywords: cryptographic protocols / hybrid encryption, multi-user security, tightness

Date: received 1 Sep 2017, last revised 2 Sep 2017

Contact author: bertram poettering at rub de

Available format(s): PDF | BibTeX Citation

Version: 20170906:183958 (All versions of this report)

Short URL: ia.cr/2017/843

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]