Securing RSA-KEM via the AES

12 years 3 months ago
Securing RSA-KEM via the AES
RSA-KEM is a popular key encapsulation mechanism that combines the RSA trapdoor permutation with a key derivation function (KDF). Often the details of the KDF are viewed as orthogonal to the RSA-KEM construction and the RSA-KEM proof of security models the KDF as a random oracle. In this paper we present an AES-based KDF that has been explicitly designed so that we can appeal to currently held views on the ideal behaviour of the AES when proving the security of RSA-KEM. Thus, assuming that encryption with the AES provides a permutation of 128-bit input blocks that is chosen uniformily at random for each key k, the security of RSA-KEM against chosen-ciphertext attacks can be related to the hardness of inverting RSA.
Jakob Jonsson, Matthew J. B. Robshaw
Added 28 Jun 2010
Updated 28 Jun 2010
Type Conference
Year 2005
Where PKC
Authors Jakob Jonsson, Matthew J. B. Robshaw
Comments (0)