Securing RSA-KEM via the AES

14 years 4 months ago

Download www.iacr.org

RSA-KEM is a popular key encapsulation mechanism that combines the RSA trapdoor permutation with a key derivation function (KDF). Often the details of the KDF are viewed as orthogonal to the RSA-KEM construction and the RSA-KEM proof of security models the KDF as a random oracle. In this paper we present an AES-based KDF that has been explicitly designed so that we can appeal to currently held views on the ideal behaviour of the AES when proving the security of RSA-KEM. Thus, assuming that encryption with the AES provides a permutation of 128-bit input blocks that is chosen uniformily at random for each key k, the security of RSA-KEM against chosen-ciphertext attacks can be related to the hardness of inverting RSA.

Jakob Jonsson, Matthew J. B. Robshaw

Real-time Traffic

Cryptography | Key Derivation Function | PKC 2005 | Popular Key Encapsulation | RSA Trapdoor Permutation |

claim paper

Post Info
More Details (n/a)

Added	28 Jun 2010
Updated	28 Jun 2010
Type	Conference
Year	2005
Where	PKC
Authors	Jakob Jonsson, Matthew J. B. Robshaw

Comments (0)

Sciweavers

Securing RSA-KEM via the AES

Cryptography | Key Derivation Function | PKC 2005 | Popular Key Encapsulation | RSA Trapdoor Permutation |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers