Constructing secure hybrid encryption from key encapsulation mechanism with authenticity

Abstract

In this paper, we propose a new framework for constructing hybrid encryption. Specifically, we propose an authenticated key encapsulation mechanism (AKEM) which plays a role of the public-key part, and show that it is possible to construct IND-CCA secure hybrid encryption by combining AKEM and traditional DEM (data encapsulation mechanism). The feature of AKEM worthy of mention is that it has the function of authenticity in addition to that of KEM and that it effectively uses additional information in its decryption process. The main contribution of our framework AKEM/DEM lies in simply and systematically providing a wide range of constructions for hybrid encryption by extending the idea of tag-KEM/DEM so that several well-known constructions, such as Fujisaki-Okamoto conversion and REACT, which have not been captured within existing frameworks can be successfully captured. In the AKEM/DEM framework, we propose the following three types of constructions for hybrid encryption, and show a sufficient condition on security of AKEM and DEM to prove that the resulting hybrid encryption meets IND-CCA: (i) the first construction uses only a plaintext of DEM as additional information, and it includes Fujisaki-Okamoto conversion; (ii) the second construction uses both a plaintext and a ciphertext of DEM as additional information, and it includes REACT; and (iii) the third construction uses only a ciphertext of DEM as additional information, and it includes almost all constructions of tag-KEM/DEM. Furthermore, we show that the basic ideas behind constructions of Fujisaki-Okamoto conversion, REACT and tag-KEM can be successfully extended to all types of AKEM by slightly modifying them if necessary. © 2011 Springer-Verlag.