Securing RSA-KEM via the AES
2005 (English)In: PUBLIC KEY CRYPTOGRAPHY - PKC 2005 / [ed] Vaudenay, S, 2005, Vol. 3386, 29-46 p.Conference paper (Refereed)
RSA-KEM is a popular key encapsulation mechanism that combines the RSA trapdoor permutation with a key derivation function (KDF). Often the details of the KDF are viewed as orthogonal to the RSA-KEM construction and the RSA-KEM proof of security models the KDF as a random oracle. In this paper we present an AES-based KDF that has been explicitly designed so that we can appeal to currently held views on the ideal behaviour of the AES when proving the security of RSA-KEM. Thus, assuming that encryption with the AES provides a permutation of 128-bit input blocks that is chosen uniformily at random for each key k, the security of RSA-KEM against chosen-ciphertext attacks can be related to, the hardness of inverting RSA.
Place, publisher, year, edition, pages
2005. Vol. 3386, 29-46 p.
, LECTURE NOTES IN COMPUTER SCIENCE, ISSN 0302-9743 ; 3386
RSA-KEM, AES, key derivation function
IdentifiersURN: urn:nbn:se:kth:diva-42743ISI: 000227984700004ScopusID: 2-s2.0-24144475933ISBN: 3-540-24454-9OAI: oai:DiVA.org:kth-42743DiVA: diva2:447950
8th International Workshop on Theory and Practice in Public Key Cryptography Location: Les Diablerets, SWITZERLAND Date: JAN 23-26, 2005
QC 201110132011-10-132011-10-122011-10-13Bibliographically approved