# Information Security and Cryptography Research Group

## A Constructive Perspective on Key Encapsulation

### Sandro Coretti, Ueli Maurer, and Björn Tackmann

Number Theory and Cryptography, Lecture Notes in Computer Science, Springer, vol. 8260, pp. 226–239, 2013.

A key-encapsulation mechanism (KEM) is a cryptographic primitive that allows anyone in possession of some partys public key to securely transmit a key to that party. A KEM can be viewed as a key-exchange protocol in which only a single message is transmitted; the main application is in combination with symmetric encryption to achieve public-key encryption of messages of arbitrary length.

The security of KEMs is usually defined in terms of a certain game that no efficient adversary can win with non-negligible advantage. A main drawback of game-based definitions is that they often do not have clear semantics, and that the security of each higher-level protocol that makes use of KEMs needs to be proved by showing a tailor-made security reduction from breaking the security of the KEM to breaking the security of the combined protocol.

We propose a novel approach to the security and applications of KEMs, following the constructive cryptography paradigm by Maurer and Renner (ICS 2011). The goal of a KEM is to construct a resource that models a shared key available to the honest parties. This resource can be used in designing and proving higher-level protocols; the composition theorem guarantees the security of the combined protocol without the need for a specific reduction.

## BibTeX Citation

@inbook{CoMaTa13b,
author       = {Sandro Coretti and Ueli Maurer and Björn Tackmann},
title        = {A Constructive Perspective on Key Encapsulation},
editor       = {Marc Fischlin and Stefan Katzenbeisser},
booktitle    = {Number Theory and Cryptography},
pages        = 226--239,
series       = {Lecture Notes in Computer Science},
volume       = 8260,
year         = 2013,
publisher    = {Springer},
}