2010 | OriginalPaper | Buchkapitel
Plaintext-Awareness of Hybrid Encryption
verfasst von : Shaoquan Jiang, Huaxiong Wang
Erschienen in: Topics in Cryptology - CT-RSA 2010
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
We study plaintext awareness for hybrid encryptions. Based on a binary relation
R
, we define a new notion of PA2 (or
R
-PA2 for short) and a notion of IND-CCA2 (or
R
-IND-CCA2 for short) for key encapsulation mechanism (KEM). We define a relation
R
DEM
from the description of data encryption mechanism (DEM). We prove two composition results, which holds with or without (public) random oracles.
a.
When KEM, with
R
DEM
-PA2 and
R
DEM
-IND-CCA2 security, composes with a one-time pseudorandom and unforgeable (OT-PUE) DEM, the resulting hybrid encryption is PA2 secure. OT-PUE is weak and even unnecessarily passively secure and can be realized by a one-time pad encryption followed by a pseudorandom function.
b.
If KEM is
R
DEM
-IND-CCA and DEM is passively secure and unforgeable, the hybrid encryption (KEM, DEM) is IND-CCA2 secure.
As an application, we show that DHIES, a public key encryption scheme by Abdalla et al. [1] and now in IEEE P1361a and ANSI X.963, is PA2 secure. As another application, we prove that a hash proof system based hybrid encryption is PA2. Consequently, this especially implies that the concrete Kurosawa-Desmedt hybrid encryption (CRYPTO04) is PA2.