International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: RSA hybrid encryption schemes

Louis Granboulan
Search ePrint
Search Google
Abstract: This document compares the two published RSA-based hybrid encryption schemes having linear reduction in their security proof: RSA-KEM with DEM1 and RSA-REACT. While the performance of RSA-REACT is worse than the performance of RSA-KEM+DEM1, a complete proof of its security has already been published. This is indeed an advantage, because we show that the security result for RSA-KEM+DEM1 has a small hole. We provide here a complete proof of the security of RSA-KEM+DEM1. We also propose some changes to RSA-REACT to improve its efficiency without changing its security, and conclude that this new RSA-REACT is a generalisation of RSA-KEM+DEM1, with at most the same security, and with possibly worse performance. Therefore we show that RSA-KEM+DEM1 should be preferred to RSA-REACT.
  title={RSA hybrid encryption schemes},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography / RSA hybrid encryption scheme},
  note={ 11677 received 19 Dec 2001, last revised 21 Dec 2001},
  author={Louis Granboulan},