Hybrid encryption in correlated randomness model and KEM combiners
Authors: Somnath Panja, Setareh Sharifian, Shaoquan Jiang, Reihaneh Safavi-Naini
Journal: Theoretical Computer Science, volume 1054, Article 115518 (Journal Article; JCR Q3, Computer Science, Theory & Methods)
Published: 2025-08-21
DOI: 10.1016/j.tcs.2025.115518
URL: https://www.sciencedirect.com/science/article/pii/S0304397525004566
Citations: 0
Abstract
Hybrid encryption (HE) is an efficient public key encryption system for messages of unrestricted length. Like public key encryption, it does not require the prior establishment of a shared key, while benefiting from the efficiency and flexibility of symmetric key encryption in handling messages of any length. An HE system consists of a public key component, called the key encapsulation mechanism (KEM), and a symmetric key component, called the data encapsulation mechanism (DEM). To encrypt, the KEM generates a random key together with its encapsulation, and the DEM uses that key to encrypt the message; the two outputs together form the ciphertext. To decrypt, the KEM part of the ciphertext is used to first recover the random key, which is then used to decrypt the DEM part. The KEM/DEM composition theorem shows that if the KEM and DEM components satisfy certain security properties, the resulting HE satisfies the well-established security notions of public key encryption. The KEM/DEM paradigm has been widely studied and is widely used for securing communication over the Internet.
We motivate and introduce HE in the correlated randomness setting, where, instead of a public and a private key, the HE encryption and decryption algorithms hold their respective private correlated random values, which are partially leaked to the adversary. We define two types of KEMs, iKEM with information-theoretic security and cKEM with computational security, and prove a composition theorem for each of them with a computationally secure DEM. This yields efficient and secure HEs with proven computational CPA (chosen plaintext attack) and CCA (chosen ciphertext attack) security; in the case of iKEM, security relies on no specific computational hardness assumption beyond general ones, such as the existence of one-way hash functions, or practical ones, such as the security of AES. We construct two iKEMs, based on an information-theoretically secure one-message key agreement protocol, and prove their security against passive and active adversaries, respectively. The iKEMs are used to construct two efficient quantum-resistant HEs with post-quantum security, using an AES-based DEM.
To combine the new KEM/DEM paradigm of HE with the traditional public-key-based paradigm, we extend KEM combiners to combine a public-key KEM with an iKEM such that the resulting KEM is as secure as either of the two component KEMs. We discuss our results and their applications, and outline directions for future work.
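The KEM/DEM composition and the KEM combiner described in the abstract, as an added worked example that is not part of the paper and does not reproduce the paper's iKEM or its extended combiner. It uses only the Python standard library and makes hypothetical choices for illustration: hashed Diffie-Hellman over the RFC 3526 group 14 prime as the public-key KEM, a one-time encrypt-then-MAC DEM built from HMAC-SHA256 instead of AES, a placeholder "shared random string" KEM (psr_*) occupying the iKEM slot, and the standard KDF(k1, k2, c1, c2) hash combiner. All function names (dh_encaps, psr_encaps, comb_encaps, hybrid_encrypt, roundtrip, tamper_rejected, ...) are this example's own.

```python
# Added example, not the paper's code; stdlib only. Hypothetical choices: hashed DH over the RFC 3526
# group 14 prime as the public-key KEM; an HMAC-SHA256 encrypt-then-MAC DEM standing in for AES;
# psr_* as a placeholder in the iKEM slot (NOT the paper's iKEM); the standard KDF(k1,k2,c1,c2) combiner.
import hashlib
import hmac
import secrets

P = int(  # RFC 3526 group 14: 2048-bit MODP safe prime, generator 2
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G, Q, PK_LEN = 2, (P - 1) // 2, 256   # safe prime: G generates the order-Q subgroup; 256-byte elements

def is_probable_prime(n, rounds=8):
    """Miller-Rabin for odd n > 3; run on P and Q before trusting the group parameters."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1) and not any((x := pow(x, 2, n)) == n - 1 for _ in range(r - 1)):
            return False
    return True

def kdf(label, *parts):   # domain-separated, length-prefixed SHA-256 (32 bytes out)
    return hashlib.sha256(label + b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()
def i2b(x): return x.to_bytes(PK_LEN, "big")
def in_subgroup(y):       # reject 0, 1, P-1 and anything outside the order-Q subgroup
    return 1 < y < P - 1 and pow(y, Q, P) == 1

# KEM 1: hashed Diffie-Hellman (the public-key KEM)
def dh_keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)
def dh_encaps(pk):
    if not in_subgroup(pk):
        raise ValueError("invalid public key")
    r = secrets.randbelow(Q - 1) + 1
    c = i2b(pow(G, r, P))
    return kdf(b"dh-kem", i2b(pk), c, i2b(pow(pk, r, P))), c
def dh_decaps(sk, pk, c):
    y = int.from_bytes(c, "big")
    if not in_subgroup(y):
        raise ValueError("invalid encapsulation")
    return kdf(b"dh-kem", i2b(pk), c, i2b(pow(y, sk, P)))

# KEM 2: placeholder over a shared random string w (fills the iKEM slot; not the paper's construction)
def psr_encaps(w):
    c = secrets.token_bytes(32)       # fresh public seed; the key also depends on the secret w
    return kdf(b"psr-kem", w, c), c
def psr_decaps(w, c): return kdf(b"psr-kem", w, c)

# Combiner: K = KDF(k1, k2, c1, c2); both secrets and both encapsulations are bound into the key
def comb_encaps(pk, w):
    (k1, c1), (k2, c2) = dh_encaps(pk), psr_encaps(w)
    return kdf(b"combiner", k1, k2, c1, c2), c1 + c2
def comb_decaps(sk, pk, w, c):
    c1, c2 = c[:PK_LEN], c[PK_LEN:]
    return kdf(b"combiner", dh_decaps(sk, pk, c1), psr_decaps(w, c2), c1, c2)

# DEM: one-time encrypt-then-MAC (the KEM key is fresh per ciphertext, so no nonce is needed)
def keystream(ke, n):
    blocks = (hmac.new(ke, i.to_bytes(8, "big"), hashlib.sha256).digest() for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]
def dem_encrypt(key, msg):
    ke, km = kdf(b"dem-enc", key), kdf(b"dem-mac", key)
    ct = bytes(m ^ s for m, s in zip(msg, keystream(ke, len(msg))))
    return ct + hmac.new(km, ct, hashlib.sha256).digest()
def dem_decrypt(key, blob):
    ke, km = kdf(b"dem-enc", key), kdf(b"dem-mac", key)
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(km, ct, hashlib.sha256).digest()):
        raise ValueError("DEM authentication failed")   # reject before decrypting
    return bytes(c ^ s for c, s in zip(ct, keystream(ke, len(ct))))

# Hybrid encryption = combined KEM ciphertext || DEM ciphertext
KEM_CT_LEN = PK_LEN + 32
def hybrid_encrypt(pk, w, msg):
    k, c_kem = comb_encaps(pk, w)
    return c_kem + dem_encrypt(k, msg)
def hybrid_decrypt(sk, pk, w, ct):
    return dem_decrypt(comb_decaps(sk, pk, w, ct[:KEM_CT_LEN]), ct[KEM_CT_LEN:])

def roundtrip(msg):
    """Fresh keys and shared string; encrypt then decrypt; returns the recovered plaintext."""
    sk, pk = dh_keygen()
    w = secrets.token_bytes(32)
    return hybrid_decrypt(sk, pk, w, hybrid_encrypt(pk, w, msg))
def tamper_rejected(msg):
    """Flip one byte of the DEM part; True if decryption fails closed (the CCA behaviour wanted)."""
    sk, pk = dh_keygen()
    w = secrets.token_bytes(32)
    ct = bytearray(hybrid_encrypt(pk, w, msg))
    ct[KEM_CT_LEN] ^= 0x01
    try:
        hybrid_decrypt(sk, pk, w, bytes(ct))
    except ValueError:
        return True
    return False
```

Calling roundtrip(msg) runs the whole KEM/DEM flow; tamper_rejected(msg) shows the CCA side of the composition, where the DEM's MAC check fails closed before anything is decrypted. The details worth noticing are the ones the composition theorem quietly relies on: the group parameters are validated with is_probable_prime before use, every received group element is checked for subgroup membership (small-subgroup and invalid-element attacks), the tag is compared in constant time, and the combiner feeds both encapsulations c1 and c2 into the KDF along with both secrets, so substituting either component's ciphertext changes the derived key rather than silently degrading to the weaker KEM.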
Journal description:
Theoretical Computer Science is mathematical and abstract in spirit, but it derives its motivation from practical and everyday computation. Its aim is to understand the nature of computation and, as a consequence of this understanding, to provide more efficient methodologies. All papers introducing or studying mathematical, logical and formal concepts and methods are welcome, provided that their motivation is clearly drawn from the field of computing.