A New Variant of the Cramer-Shoup KEM Secure against Chosen Ciphertext Attack

  • Joonsang Baek
  • Willy Susilo
  • Joseph K. Liu
  • Jianying Zhou
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5536)


We propose a new variant of the Cramer-Shoup KEM (key encapsulation mechanism). The proposed variant is more efficient than the original Cramer-Shoup KEM scheme in terms of public key size and encapsulation cost, but is proven to be (still) secure against chosen ciphertext attack in the standard model, relative to the Decisional Diffie-Hellman problem.





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Joonsang Baek (1)
  • Willy Susilo (2)
  • Joseph K. Liu (1)
  • Jianying Zhou (1)

  1. Cryptography and Security Department, Institute for Infocomm Research, Singapore
  2. Centre for Computer and Information Security Research, School of Computer Science and Software Engineering, University of Wollongong, Australia
