KEM Combiners. / Giacon, Federico; Heuer, Felix; Poettering, Bertram.

2018. 190-218 Paper presented at PKC 2018, .

Research output: Contribution to conferencePaper

Published

Standard

KEM Combiners. / Giacon, Federico; Heuer, Felix; Poettering, Bertram.

2018. 190-218 Paper presented at PKC 2018, .

Research output: Contribution to conferencePaper

Harvard

Giacon, F, Heuer, F & Poettering, B 2018, 'KEM Combiners', Paper presented at PKC 2018, 25/03/18 - 28/03/18 pp. 190-218. https://doi.org/10.1007/978-3-319-76578-5_7

APA

Giacon, F., Heuer, F., & Poettering, B. (2018). KEM Combiners. 190-218. Paper presented at PKC 2018, . https://doi.org/10.1007/978-3-319-76578-5_7

Vancouver

Giacon F, Heuer F, Poettering B. KEM Combiners. 2018. Paper presented at PKC 2018, . https://doi.org/10.1007/978-3-319-76578-5_7

Author

Giacon, Federico ; Heuer, Felix ; Poettering, Bertram. / KEM Combiners. Paper presented at PKC 2018, .29 p.

BibTeX

@conference{6be6a0c7be29400eab820bc17322a7c3,
title = "KEM Combiners",
abstract = "Key-encapsulation mechanisms (KEMs) are a common stepping stone for constructing public-key encryption. Secure KEMs can be built from diverse assumptions, including ones related to integer factorization, discrete logarithms, error correcting codes, or lattices. In light of the recent NIST call for post-quantum secure PKE, the zoo of KEMs that are believed to be secure continues to grow. Yet, on the question of which is the most secure KEM opinions are divided. While using the best candidate might actually not seem necessary to survive everyday life situations, placing a wrong bet can actually be devastating, should the employed KEM eventually turn out to be vulnerable.We introduce KEM combiners as a way to garner trust from different KEM constructions, rather than relying on a single one: We present efficient black-box constructions that, given any set of `ingredient' KEMs, yield a new KEM that is (CCA) secure as long as at least one of the ingredient KEMs is.As building blocks our constructions use cryptographic hash functions and blockciphers. Some corresponding security proofs require idealized models for these primitives, others get along on standard assumptions.",
author = "Federico Giacon and Felix Heuer and Bertram Poettering",
year = "2018",
doi = "10.1007/978-3-319-76578-5_7",
language = "English",
pages = "190--218",
note = "PKC 2018 ; Conference date: 25-03-2018 Through 28-03-2018",

}

RIS

TY - CONF

T1 - KEM Combiners

AU - Giacon, Federico

AU - Heuer, Felix

AU - Poettering, Bertram

PY - 2018

Y1 - 2018

N2 - Key-encapsulation mechanisms (KEMs) are a common stepping stone for constructing public-key encryption. Secure KEMs can be built from diverse assumptions, including ones related to integer factorization, discrete logarithms, error correcting codes, or lattices. In light of the recent NIST call for post-quantum secure PKE, the zoo of KEMs that are believed to be secure continues to grow. Yet, on the question of which is the most secure KEM opinions are divided. While using the best candidate might actually not seem necessary to survive everyday life situations, placing a wrong bet can actually be devastating, should the employed KEM eventually turn out to be vulnerable.We introduce KEM combiners as a way to garner trust from different KEM constructions, rather than relying on a single one: We present efficient black-box constructions that, given any set of `ingredient' KEMs, yield a new KEM that is (CCA) secure as long as at least one of the ingredient KEMs is.As building blocks our constructions use cryptographic hash functions and blockciphers. Some corresponding security proofs require idealized models for these primitives, others get along on standard assumptions.

AB - Key-encapsulation mechanisms (KEMs) are a common stepping stone for constructing public-key encryption. Secure KEMs can be built from diverse assumptions, including ones related to integer factorization, discrete logarithms, error correcting codes, or lattices. In light of the recent NIST call for post-quantum secure PKE, the zoo of KEMs that are believed to be secure continues to grow. Yet, on the question of which is the most secure KEM opinions are divided. While using the best candidate might actually not seem necessary to survive everyday life situations, placing a wrong bet can actually be devastating, should the employed KEM eventually turn out to be vulnerable.We introduce KEM combiners as a way to garner trust from different KEM constructions, rather than relying on a single one: We present efficient black-box constructions that, given any set of `ingredient' KEMs, yield a new KEM that is (CCA) secure as long as at least one of the ingredient KEMs is.As building blocks our constructions use cryptographic hash functions and blockciphers. Some corresponding security proofs require idealized models for these primitives, others get along on standard assumptions.

UR - https://eprint.iacr.org/2018/024

U2 - 10.1007/978-3-319-76578-5_7

DO - 10.1007/978-3-319-76578-5_7

M3 - Paper

SP - 190

EP - 218

T2 - PKC 2018

Y2 - 25 March 2018 through 28 March 2018

ER -