The Kurosawa-Desmedt key encapsulation is not chosen-ciphertext secure

Seung Geol Choi; Javier Herranz; Dennis Hofheinz; Jung Yeon Hwang; Eike Kiltz; Dong Hoon Lee; Moti Yung

doi:10.1016/j.ipl.2009.04.007

The Kurosawa-Desmedt key encapsulation is not chosen-ciphertext secure

Seung Geol Choi, Javier Herranz, Dennis Hofheinz, Jung Yeon Hwang, Eike Kiltz, Dong Hoon Lee, Moti Yung

School of Cybersecurity

Research output: Contribution to journal › Article › peer-review

8 Citations (Scopus)

Abstract

At CRYPTO 2004, Kurosawa and Desmedt presented a new hybrid encryption scheme that is chosen-ciphertext (CCA2) secure in the standard model. Until now it was unknown if the key encapsulation part of the Kurosawa-Desmedt scheme by itself is still CCA2-secure or not. In this note we answer this question to the negative, namely we present a simple CCA2 attack on the Kurosawa-Desmedt key encapsulation mechanism. Our attack further supports the design paradigm of Kurosawa and Desmedt to build CCA2-secure hybrid encryption from weak key encapsulation.

Original language	English
Pages (from-to)	897-901
Number of pages	5
Journal	Information Processing Letters
Volume	109
Issue number	16
DOIs	https://doi.org/10.1016/j.ipl.2009.04.007
Publication status	Published - 2009 Jul 31

Keywords

Cryptography
Hybrid encryption
Key encapsulation mechanism

ASJC Scopus subject areas

Theoretical Computer Science
Signal Processing
Information Systems
Computer Science Applications

Access to Document

10.1016/j.ipl.2009.04.007

Cite this

@article{4c3b4fa65ca340fba4c3d87494e3669e,

title = "The Kurosawa-Desmedt key encapsulation is not chosen-ciphertext secure",

abstract = "At CRYPTO 2004, Kurosawa and Desmedt presented a new hybrid encryption scheme that is chosen-ciphertext (CCA2) secure in the standard model. Until now it was unknown if the key encapsulation part of the Kurosawa-Desmedt scheme by itself is still CCA2-secure or not. In this note we answer this question to the negative, namely we present a simple CCA2 attack on the Kurosawa-Desmedt key encapsulation mechanism. Our attack further supports the design paradigm of Kurosawa and Desmedt to build CCA2-secure hybrid encryption from weak key encapsulation.",

keywords = "Cryptography, Hybrid encryption, Key encapsulation mechanism",

author = "Choi, {Seung Geol} and Javier Herranz and Dennis Hofheinz and Hwang, {Jung Yeon} and Eike Kiltz and Lee, {Dong Hoon} and Moti Yung",

note = "Funding Information: 2 Supported by the research program Sentinels, financed by Technology Foundation STW, the Netherlands Organization for Scientific Research (NWO), and the Dutch Ministry of Economic Affairs. 3 Supported by the Brain Korea 21 Project. Funding Information: 1 Supported by European Social Fund (ESF) and Spanish MICINN Ministry, through a Ram{\'o}n y Cajal grant.",

year = "2009",

month = jul,

day = "31",

doi = "10.1016/j.ipl.2009.04.007",

language = "English",

volume = "109",

pages = "897--901",

journal = "Information Processing Letters",

issn = "0020-0190",

publisher = "Elsevier",

number = "16",

}

TY - JOUR

T1 - The Kurosawa-Desmedt key encapsulation is not chosen-ciphertext secure

AU - Choi, Seung Geol

AU - Herranz, Javier

AU - Hofheinz, Dennis

AU - Hwang, Jung Yeon

AU - Kiltz, Eike

AU - Lee, Dong Hoon

AU - Yung, Moti

N1 - Funding Information: 2 Supported by the research program Sentinels, financed by Technology Foundation STW, the Netherlands Organization for Scientific Research (NWO), and the Dutch Ministry of Economic Affairs. 3 Supported by the Brain Korea 21 Project. Funding Information: 1 Supported by European Social Fund (ESF) and Spanish MICINN Ministry, through a Ramón y Cajal grant.

PY - 2009/7/31

Y1 - 2009/7/31

N2 - At CRYPTO 2004, Kurosawa and Desmedt presented a new hybrid encryption scheme that is chosen-ciphertext (CCA2) secure in the standard model. Until now it was unknown if the key encapsulation part of the Kurosawa-Desmedt scheme by itself is still CCA2-secure or not. In this note we answer this question to the negative, namely we present a simple CCA2 attack on the Kurosawa-Desmedt key encapsulation mechanism. Our attack further supports the design paradigm of Kurosawa and Desmedt to build CCA2-secure hybrid encryption from weak key encapsulation.

AB - At CRYPTO 2004, Kurosawa and Desmedt presented a new hybrid encryption scheme that is chosen-ciphertext (CCA2) secure in the standard model. Until now it was unknown if the key encapsulation part of the Kurosawa-Desmedt scheme by itself is still CCA2-secure or not. In this note we answer this question to the negative, namely we present a simple CCA2 attack on the Kurosawa-Desmedt key encapsulation mechanism. Our attack further supports the design paradigm of Kurosawa and Desmedt to build CCA2-secure hybrid encryption from weak key encapsulation.

KW - Cryptography

KW - Hybrid encryption

KW - Key encapsulation mechanism

UR - http://www.scopus.com/inward/record.url?scp=67649372669&partnerID=8YFLogxK

U2 - 10.1016/j.ipl.2009.04.007

DO - 10.1016/j.ipl.2009.04.007

M3 - Article

AN - SCOPUS:67649372669

SN - 0020-0190

VL - 109

SP - 897

EP - 901

JO - Information Processing Letters

JF - Information Processing Letters

IS - 16

ER -

The Kurosawa-Desmedt key encapsulation is not chosen-ciphertext secure

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this