The Kurosawa-Desmedt key encapsulation is not chosen-ciphertext secure

Seung Geol Choi, Javier Herranz, Dennis Hofheinz, Jung Yeon Hwang, Eike Kiltz, Dong Hoon Lee, Moti Yung

Research output: Contribution to journalArticlepeer-review

8 Citations (Scopus)


At CRYPTO 2004, Kurosawa and Desmedt presented a new hybrid encryption scheme that is chosen-ciphertext (CCA2) secure in the standard model. Until now it was unknown if the key encapsulation part of the Kurosawa-Desmedt scheme by itself is still CCA2-secure or not. In this note we answer this question to the negative, namely we present a simple CCA2 attack on the Kurosawa-Desmedt key encapsulation mechanism. Our attack further supports the design paradigm of Kurosawa and Desmedt to build CCA2-secure hybrid encryption from weak key encapsulation.

Original languageEnglish
Pages (from-to)897-901
Number of pages5
JournalInformation Processing Letters
Issue number16
Publication statusPublished - 2009 Jul 31


  • Cryptography
  • Hybrid encryption
  • Key encapsulation mechanism

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Signal Processing
  • Information Systems
  • Computer Science Applications


Dive into the research topics of 'The Kurosawa-Desmedt key encapsulation is not chosen-ciphertext secure'. Together they form a unique fingerprint.

Cite this