[Resource Topic] 2021/989: Stateful KEM: Towards Optimal Robust Combiner for Key Encapsulation Mechanism

Welcome to the resource topic for 2021/989

Title:
Stateful KEM: Towards Optimal Robust Combiner for Key Encapsulation Mechanism

Authors: Jia Xu, Yiwen Gao, Hoon Wei Lim, Hongbing Wang, Ee-Chien Chang

Abstract:

A (1,n)-robust combiner combines n cryptography primitives to construct a new primitive of the same type, and guarantees that if any of the ingredient primitive is secure, then the resulting primitive is secure. In recent two decades, robust combiners for various crypto primitives (e.g. public key encryption, oblivious transfer) have been proposed. Very recently, more works on robust combiners for post-quantum key encapsulation mechanism appear to achieve multi-layer of defence, to counter the future threat from Shor’s algorithm running on powerful quantum computers. However, typically such combination of n crypto primitives will sum up running times of all ingredient primitives and thus introduce linear overhead in time complexity, which may be a big burden on server side, since the server has to run key encapsulation mechanism (or key exchange protocol) with every online client. We propose the very first robust combiner (of KEMs), with O(1) \emph{amortized} complexity overhead, which not only breaks the linear boundary, but also achieves optimal complexity. Our experiments also confirm that the performance overhead of our robust combiner of n KEMs is constant (i.e. O(1)) rather than linear (i.e. O(n)). Our cost is that, the resulting KEM has to maintain a secret dynamic state of fixed and linear size (i.e. O(n)) . We call such KEM as Stateful Key Encapsulation Mechanism (SKEM). SKEM is suitable for two users (or devices), who will have \emph{frequent} secure communications (e.g. via VPN or SSH). We also formally define the security formulation for SKEM and prove the security of our proposed SKEM scheme in standard model.

ePrint: https://eprint.iacr.org/2021/989

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .