×

Securing RSA-KEM via the AES. (English) Zbl 1081.94529

Vaudenay, Serge (ed.), Public key cryptography – PKC 2005. 8th international workshop on theory and practice in public key cryptography, Les Diablerets, Switzerland, January 23–26, 2005. Proceedings. Berlin: Springer (ISBN 3-540-24454-9/pbk). Lecture Notes in Computer Science 3386, 29-46 (2005).
Summary: RSA-KEM is a popular key encapsulation mechanism that combines the RSA trapdoor permutation with a key derivation function (KDF). Often the details of the KDF are viewed as orthogonal to the RSA-KEM construction and the RSA-KEM proof of security models the KDF as a random oracle. In this paper we present an AES-based KDF that has been explicitly designed so that we can appeal to currently held views on the ideal behaviour of the AES when proving the security of RSA-KEM. Thus, assuming that encryption with the AES provides a permutation of 128-bit input blocks that is chosen uniformily at random for each key \(k\), the security of RSA-KEM against chosen-ciphertext attacks can be related to the hardness of inverting RSA.
For the entire collection see [Zbl 1069.94502].

MSC:

94A60 Cryptography
PDFBibTeX XMLCite
Full Text: DOI