Information Security and Cryptography Research Group

A Constructive Perspective on Key Encapsulation

Sandro Coretti, Ueli Maurer, and Björn Tackmann

Number Theory and Cryptography, Lecture Notes in Computer Science, Springer, vol. 8260, pp. 226–239, 2013.

A key-encapsulation mechanism (KEM) is a cryptographic primitive that allows anyone in possession of some party’s public key to securely transmit a key to that party. A KEM can be viewed as a key-exchange protocol in which only a single message is transmitted; the main application is in combination with symmetric encryption to achieve public-key encryption of messages of arbitrary length.

The security of KEMs is usually defined in terms of a certain game that no efficient adversary can win with non-negligible advantage. A main drawback of game-based definitions is that they often do not have clear semantics, and that the security of each higher-level protocol that makes use of KEMs needs to be proved by showing a tailor-made security reduction from breaking the security of the KEM to breaking the security of the combined protocol.

We propose a novel approach to the security and applications of KEMs, following the constructive cryptography paradigm by Maurer and Renner (ICS 2011). The goal of a KEM is to construct a resource that models a shared key available to the honest parties. This resource can be used in designing and proving higher-level protocols; the composition theorem guarantees the security of the combined protocol without the need for a specific reduction.

BibTeX Citation

    author       = {Sandro Coretti and Ueli Maurer and Björn Tackmann},
    title        = {A Constructive Perspective on Key Encapsulation},
    editor       = {Marc Fischlin and Stefan Katzenbeisser},
    booktitle    = {Number Theory and Cryptography},
    pages        = {226--239},
    series       = {Lecture Notes in Computer Science},
    volume       = {8260},
    year         = {2013},
    publisher    = {Springer},

Files and Links

  • There are currently no associated files available.