Paper 2021/989

Stateful KEM: Towards Optimal Robust Combiner for Key Encapsulation Mechanism

Jia Xu, Yiwen Gao, Hoon Wei Lim, Hongbing Wang, and Ee-Chien Chang


A $(1,n)$-robust combiner combines $n$ cryptography primitives to construct a new primitive of the same type, and guarantees that if any of the ingredient primitive is secure, then the resulting primitive is secure. In recent two decades, robust combiners for various crypto primitives (e.g. public key encryption, oblivious transfer) have been proposed. Very recently, more works on robust combiners for post-quantum key encapsulation mechanism appear to achieve multi-layer of defence, to counter the future threat from Shor's algorithm running on powerful quantum computers. However, typically such combination of $n$ crypto primitives will sum up running times of all ingredient primitives and thus introduce linear overhead in time complexity, which may be a big burden on server side, since the server has to run key encapsulation mechanism (or key exchange protocol) with every online client. We propose the very first robust combiner (of KEMs), with $O(1)$ \emph{amortized} complexity overhead, which not only breaks the linear boundary, but also achieves optimal complexity. Our experiments also confirm that the performance overhead of our robust combiner of $n$ KEMs is constant (i.e. $O(1)$) rather than linear (i.e. $O(n)$). Our cost is that, the resulting KEM has to maintain a secret dynamic state of fixed and linear size (i.e. $O(n)$) . We call such KEM as Stateful Key Encapsulation Mechanism (SKEM). SKEM is suitable for two users (or devices), who will have \emph{frequent} secure communications (e.g. via VPN or SSH). We also formally define the security formulation for SKEM and prove the security of our proposed SKEM scheme in standard model.

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
Key Exchange ProtocolKey Encapsulation MechanismRobust CombinerSecurity and PerformanceParallel CombinationSeries CombinationPost-quantum Cryptography
Contact author(s)
jiaxu2001 @ gmail com
2021-07-28: received
Short URL
Creative Commons Attribution


      author = {Jia Xu and Yiwen Gao and Hoon Wei Lim and Hongbing Wang and Ee-Chien Chang},
      title = {Stateful KEM: Towards Optimal Robust Combiner for  Key Encapsulation Mechanism},
      howpublished = {Cryptology ePrint Archive, Paper 2021/989},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.