Paper 2026/502

Efficient RLWE based Chosen-Ciphertext Secure Dual-Receiver Encryption and Sender-Binding KEM in the Standard Model

Laurin Benz, Karlsruhe Institute of Technology, KASTEL
Robert Brede, Karlsruhe Institute of Technology, KASTEL
Abstract

Key encapsulation mechanism (KEM) is an often used primitive in communication, closely related to public key encryption (PKE). Dual-receiver encryption (DRE) is another primitive closely related to PKE that allows a sender to encrypt a message to two different receivers. Most applications of DRE need the soundness property which guarantees that both receivers decrypt any ciphertext to the same message. Addition ally, IND-CPA security is often not enough and therefore schemes should satisfy a stronger notion like IND-CCA2. Meanwhile, an alternative to IND-CCA2 for KEMs is the IND-SB-CPA security notion which was proven to be strong enough to realize secure channels while in theory enabling the construction of more efficient schemes. Most IND-CCA2 security proofs rely on the FO transformation, which is only secure in the ROM, and the standard model DREs and KEMs are far from efficient. We fill this gap by providing a sound DRE and a KEM satisfying IND-CCA2 and IND-SB-CPA security respectively. Both schemes are based on RLWE, proven secure in the standard model, and have key sizes of 150 KB and ciphertext sizes of 100 KB, improving upon previous results by a factor of 10x to 100x.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A major revision of an IACR publication in PKC 2026
Keywords
Dual-receiver encryptionSoundnessSB-KEMRing Learning With ErrorsPost-QuantumIND-CCA2Standard Model
Contact author(s)
laurin benz @ kit edu
robert brede @ kit edu
History
2026-06-09: revised
2026-03-11: received
See all versions
Short URL
https://ia.cr/2026/502
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2026/502,
      author = {Laurin Benz and Robert Brede},
      title = {Efficient {RLWE} based Chosen-Ciphertext Secure Dual-Receiver Encryption and Sender-Binding {KEM} in the Standard Model},
      howpublished = {Cryptology {ePrint} Archive, Paper 2026/502},
      year = {2026},
      url = {https://eprint.iacr.org/2026/502}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.