International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

On the Equivalence of Several Security Notions of Key Encapsulation Mechanism

Authors:
Waka Nagao
Yoshifumi Manabe
Tatsuaki Okamoto
Download:
URL: http://eprint.iacr.org/2006/268
Search ePrint
Search Google
Abstract: KEM (Key Encapsulation Mechanism) was introduced by Shoup to formalize the asymmetric encryption specified for key distribution in ISO standards on public-key encryption. Shoup defined the ``semantic security (IND) against adaptively chosen ciphertext attacks (CCA2)'' as a desirable security notion of KEM. This paper introduces ''non-malleability (NM)'' of KEM, a stronger security notion than IND. We provide three definitions of NM, and show that these three definitions are equivalent. We then show that NM-CCA2 KEM is equivalent to IND-CCA2 KEM. That is, we show that NM is equivalent to IND under CCA2 attacks, although NM is stronger than IND in the definition (or under some attacks like CCA1). In addition, this paper defines the universally composable (UC) security of KEM and shows that NM-CCA2 KEM is equivalent to UC KEM.
BibTeX
@misc{eprint-2006-21760,
  title={On the Equivalence of Several Security Notions of Key Encapsulation Mechanism},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography / key encapsulation mechanism, non-malleability, universal composability},
  url={http://eprint.iacr.org/2006/268},
  note={ okamoto.tatsuaki@lab.ntt.co.jp 13372 received 12 Aug 2006},
  author={Waka Nagao and Yoshifumi Manabe and Tatsuaki Okamoto},
  year=2006
}