Paper 2018/526
Towards KEM Unification
Daniel J. Bernstein and Edoardo Persichetti
Abstract
This paper highlights a particular construction of a correct KEM without failures and without ciphertext expansion from any correct deterministic PKE, and presents a simple tight proof of ROM IND-CCA2 security for the KEM assuming merely OW-CPA security for the PKE. Compared to previous proofs, this proof is simpler, and is also factored into smaller pieces that can be audited independently. In particular, this paper introduces the notion of "IND-Hash" security and shows that this allows a new separation between checking encryptions and randomizing decapsulations. The KEM is easy to implement in constant time, given a constant-time implementation of the PKE.
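The following is an added example and not code from the paper or its authors. It is a runnable sketch of the transform shape the abstract describes: the KEM ciphertext is exactly the PKE ciphertext (no expansion), decapsulation never fails, decapsulation re-encrypts the recovered message and accepts only the canonical ciphertext ("checking encryptions"), and anything else is mapped to a pseudorandom key derived from a secret seed ("randomizing decapsulations"). Everything else is an assumption made here: the toy deterministic PKE (textbook RSA with two fixed small primes, insecure and not constant-time, standing in for "any correct deterministic PKE"), the SHA-256 hash layouts and domain-separation tags, and the helper names. A contrast function without the re-encryption check, and a constructed non-canonical ciphertext, show why the check is needed.

```python
"""Added example: the KEM-from-deterministic-PKE pattern in the abstract.

The shape (KEM ciphertext == PKE ciphertext, re-encryption check, implicit
rejection with a secret seed) follows the abstract.  The toy PKE, the
SHA-256 hash layouts and the tags are assumptions made for this example.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

# --- Toy deterministic PKE: textbook RSA with two fixed primes ----------
# Constructed stand-in for "any correct deterministic PKE".  Tiny modulus,
# no padding: NOT secure, and Python's pow() is not constant-time.
MSG_BYTES = 7            # messages are 7-byte strings, so m < 2**56 < n
CT_BYTES = 8             # n < 2**60, so an 8-byte big-endian ciphertext


@dataclass(frozen=True)
class ToyPK:
    n: int
    e: int


@dataclass(frozen=True)
class ToySK:
    n: int
    d: int


def toy_pke_keygen() -> Tuple[ToyPK, ToySK]:
    p, q, e = 1000000007, 998244353, 65537          # p and q are prime
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return ToyPK(n, e), ToySK(n, d)


def toy_pke_enc(pk: ToyPK, m: bytes) -> bytes:
    """Deterministic: no randomness, so Enc(m) is a fixed function of m."""
    assert len(m) == MSG_BYTES
    return pow(int.from_bytes(m, "big"), pk.e, pk.n).to_bytes(CT_BYTES, "big")


def toy_pke_dec(sk: ToySK, c: bytes) -> Optional[bytes]:
    """Correct (Dec(Enc(m)) == m) but NOT rigid: c is reduced mod n, so
    a non-canonical encoding such as c + n decrypts to the same m."""
    if len(c) != CT_BYTES:
        return None
    m_int = pow(int.from_bytes(c, "big"), sk.d, sk.n)
    if m_int >= 1 << (8 * MSG_BYTES):
        return None                     # not a valid message encoding
    return m_int.to_bytes(MSG_BYTES, "big")


# --- KEM layer -----------------------------------------------------------
@dataclass(frozen=True)
class KemSK:
    pke_sk: ToySK
    pke_pk: ToyPK      # kept so Decaps can re-encrypt
    seed: bytes        # secret seed for implicit rejection


def _h(tag: bytes, *parts: bytes) -> bytes:
    # Assumed hash layout: domain-separated SHA-256 over length-prefixed parts.
    h = hashlib.sha256(tag)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


def kem_keygen() -> Tuple[ToyPK, KemSK]:
    pk, sk = toy_pke_keygen()
    return pk, KemSK(sk, pk, secrets.token_bytes(32))


def kem_encaps(pk: ToyPK) -> Tuple[bytes, bytes]:
    m = secrets.token_bytes(MSG_BYTES)
    c = toy_pke_enc(pk, m)             # KEM ciphertext == PKE ciphertext
    return c, _h(b"accept", m)         # Enc is deterministic, so m fixes c


def kem_decaps(sk: KemSK, c: bytes) -> bytes:
    """Never fails: any malformed c yields the pseudorandom key H(seed, c).
    A constant-time implementation would fold the decode-failure branch
    into the same secret-independent select; this sketch only shows the logic."""
    reject = _h(b"reject", sk.seed, c)          # computed unconditionally
    m = toy_pke_dec(sk.pke_sk, c)
    if m is None:
        return reject
    # "Checking encryptions": accept only the canonical ciphertext of m.
    canonical = hmac.compare_digest(toy_pke_enc(sk.pke_pk, m), c)
    return _h(b"accept", m) if canonical else reject


def naive_decaps(sk: KemSK, c: bytes) -> bytes:
    """Same KEM without the re-encryption check (for contrast only)."""
    m = toy_pke_dec(sk.pke_sk, c)
    return _h(b"reject", sk.seed, c) if m is None else _h(b"accept", m)


def noncanonical_ciphertext(pk: ToyPK, c: bytes) -> bytes:
    """Constructed malformed input: c + n decrypts to the same m as c but is
    not Enc(m).  It still fits in CT_BYTES because c + n < 2 * n < 2**61."""
    return (int.from_bytes(c, "big") + pk.n).to_bytes(CT_BYTES, "big")
```

Against the checked decapsulation, the constructed ciphertext c + n is rejected and yields a key unrelated to the one the encapsulator holds; against the unchecked variant it yields exactly that key, which is the IND-CCA2 break the re-encryption check exists to close. The seed-based rejection key is also deterministic per ciphertext, so repeated queries on the same malformed input do not reveal that it was rejected.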
Metadata
- Category
- Public-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- PKE, OW-CPA, OW-Passive, IND-Hash, rigid, KEM, IND-CCA2, ROM
- Contact author(s)
- authorcontact-tightkem@box.cr.yp.to
- History
- 2018-06-04: received
- Short URL
- https://ia.cr/2018/526
- License
- CC BY
BibTeX
@misc{cryptoeprint:2018/526,
  author = {Daniel J. Bernstein and Edoardo Persichetti},
  title = {Towards {KEM} Unification},
  howpublished = {Cryptology {ePrint} Archive, Paper 2018/526},
  year = {2018},
  url = {https://eprint.iacr.org/2018/526}
}