2.5 Hybrid Encryption

Public-key encryption has contributed to the simplification of key management, reducing the number of keys in a network of n users from n(n − 1) to n. The price to pay for this simplification is that encrypting with a public-key scheme is much slower than doing so with a symmetric encryption scheme. Another limitation of public-key encryption relates to the fixed length of plaintexts: while it is possible to encrypt arbitrarily long messages using modes of operation, there is no generic way to extend the message space of a public-key encryption scheme.
Therefore, to combine the advantages of both types of encryption, a dual mechanism consisting of a key encapsulation mechanism (KEM) coupled with a data encapsulation mechanism (DEM) was proposed. Simply put, a random symmetric key is encrypted into a ciphertext, and that same key is used in a symmetric scheme to encrypt the data to send. More explicitly, we give the following definition.

Definition (The KEM/DEM Paradigm of Hybrid Encryption)
A KEM consists of the following algorithms:
KeyGen(1 ) → (sk, pk): This first probabilistic polynomial-time algorithm generates the pair of keys.
KEM.Enc_pk() → (K, C): Taking no input, this algorithm produces a symmetric key K for the DEM defined below and outputs its corresponding ciphertext C.
KEM.Dec_sk(C) → K: Via this algorithm, the receiver makes use of his secret key sk to recover the symmetric key K.
A DEM is then defined as a symmetric encryption scheme without key generation:
DEM.Enc(K, m) → c: Using this algorithm, the sender encrypts the message m.
DEM.Dec(K, c) → m: By this algorithm, the receiver decrypts c and gets the underlying plaintext m.

From a very high level, a KEM/DEM can be seen as a public-key encryption scheme. Since they mimic public-key and symmetric-key encryption schemes, it is rather easy to define similar security properties for KEMs and DEMs.
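The five algorithms of the definition above, composed into a hybrid scheme, as an added example that is not taken from the thesis. It assumes a Diffie-Hellman-style KEM over a toy group and a DEM built from HMAC-SHA256 (keystream plus authentication tag); both constructions, the group parameters and all function names are illustrative choices made here.

```python
import hashlib, hmac, secrets

# Toy group for illustration only (assumption, not from the page): arithmetic
# modulo the prime 2**255 - 19 with base 2. Not a vetted Diffie-Hellman group.
P, G = 2**255 - 19, 2

def _kdf(shared: int, c: int) -> bytes:
    # Hash the shared group element together with C to get the 32-byte key K.
    return hashlib.sha256(b"kem-demo" + shared.to_bytes(32, "big") + c.to_bytes(32, "big")).digest()

def keygen():
    """KeyGen -> (sk, pk)."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def kem_enc(pk: int):
    """KEM.Enc_pk() -> (K, C): takes no message, only the public key."""
    r = secrets.randbelow(P - 2) + 1
    c = pow(G, r, P)
    return _kdf(pow(pk, r, P), c), c

def kem_dec(sk: int, c: int) -> bytes:
    """KEM.Dec_sk(C) -> K."""
    return _kdf(pow(c, sk, P), c)

def _keystream(k: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode, so the DEM handles messages of any length.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(k, b"enc" + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def dem_enc(k: bytes, m: bytes) -> bytes:
    """DEM.Enc(K, m) -> c. K is fresh per message, so no nonce is needed."""
    body = bytes(a ^ b for a, b in zip(m, _keystream(k, len(m))))
    return body + hmac.new(k, b"mac" + body, hashlib.sha256).digest()

def dem_dec(k: bytes, c: bytes) -> bytes:
    """DEM.Dec(K, c) -> m, or ValueError if c was modified or K is wrong."""
    body, tag = c[:-32], c[-32:]
    if not hmac.compare_digest(tag, hmac.new(k, b"mac" + body, hashlib.sha256).digest()):
        raise ValueError("DEM authentication failed")
    return bytes(a ^ b for a, b in zip(body, _keystream(k, len(body))))

def hybrid_encrypt(pk: int, m: bytes):
    k, c_kem = kem_enc(pk)          # the slow public-key step runs once
    return c_kem, dem_enc(k, m)     # the bulk data goes through the fast DEM

def hybrid_decrypt(sk: int, c_kem: int, c_dem: bytes) -> bytes:
    return dem_dec(kem_dec(sk, c_kem), c_dem)
```

The public-key operation is performed once per message regardless of its length, which is the cost and message-space argument made in the section.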
2.6 The Random Oracle Model

The Random Oracle (RO) model consists of replacing hash functions by black-box oracles that produce uniformly distributed outputs [BR ]. The RO model has been useful in proving the security of many schemes with simpler designs than comparable ones that have security proofs in the standard model. There is however a separation between the two as Canetti,
