The tag-KEM/DEM framework has been proposed by Abe, Gennaro, Kurosawa, and Shoup to explain why the Kurosawa-Desmedt PKE is secure in the sense of IND-CCA2, yet the KEM part are not secure in the sense of IND-CCA2. They have concluded that the Kurosawa-Desmedt KEM satisfies the IND-CCA2 security for tag-KEM. They have shown that an IND-CCA2 secure PKE system can be constructed from an IND-CCA2 tag-KEM system and an IND-OT secure DEM system. Herranz, Hofheinz and Kiltz have shown the necessary and sufficient conditions for the KEM/DEM framework. They also have studied implications and separations among the security notions of KEM. In this paper, we study the necessary and sufficient conditions for the tag-KEM/DEM framework. Moreover, we study implications and separations among the security notions of tag-KEM. By these studies, we show gaps between KEM and tag-KEM about weak and strong non-malleability with respect to the necessary and sufficient conditions in order to obtain the same security levels. © 2009 Springer Berlin Heidelberg.
CITATION STYLE
Matsuda, T., Nishimaki, R., Numayama, A., & Tanaka, K. (2009). Security on hybrid encryption with the tag-KEM/DEM framework. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5594 LNCS, pp. 343–359). https://doi.org/10.1007/978-3-642-02620-1_24
Mendeley helps you to discover research relevant for your work.