All Dates/Times are Australian Eastern Standard Time (AEST)

Technical Program

Paper Detail

Paper ID D5-S6-T4.1
Paper Title Information-theoretic Key Encapsulation and its Application to Secure Communication
Authors Setareh Sharifian, Reihaneh Safavi-Naini, University of Calgary, Canada
Session D5-S6-T4: Post Quantum Cryptography
Chaired Session: Friday, 16 July, 23:40 - 00:00
Engagement Session: Saturday, 17 July, 00:00 - 00:20
Abstract A hybrid encryption scheme consists of a public-key part called the key encapsulation mechanism (KEM) that is used to generate and establish a shared secret key between two parties, and a (symmetric) secret-key part called the data encapsulation mechanism (DEM) that encrypts the data using the shared key. Hybrid encryption schemes are widely used for securing Internet communication. In this paper, we initiate the study of hybrid encryption in the preprocessing model, which assumes access to initial correlated variables by all parties (including the eavesdropper), and define an information-theoretic KEM (iKEM) that, together with a (computationally) secure DEM, results in a hybrid encryption scheme in the preprocessing model. We define the security of each building block, and prove a composition theorem that guarantees (computational) q-chosen-plaintext attack (CPA) security of the hybrid encryption system if the iKEM and the DEM satisfy q-chosen-encapsulation attack security and one-time security, respectively. We show that an iKEM can be realized by an information-theoretic one-way secret key agreement (OW-SKA) protocol where a single message is transmitted from Alice to Bob, with a new security definition that allows q queries to Alice. Using an OW-SKA that satisfies this new definition of security effectively allows the established secret key to be used with a one-time symmetric key encryption system that can be implemented, for example, by XORing the output of a (computationally) secure pseudorandom generator with the message, to provide secure encryption of q arbitrary messages (of polynomially bounded length). We discuss our results and directions for future work.