Community hub
Recent from talks
Knowledge base stats:
Talk channels stats:
Members stats:
Key encapsulation mechanism
In cryptography, a key encapsulation mechanism (KEM) is a public-key cryptosystem that allows a sender to generate a short secret key and transmit it to a receiver confidentially, in spite of eavesdropping and intercepting adversaries. Modern standards for public-key encryption of arbitrary messages are usually based on KEMs.
A KEM allows a sender who knows a public key to simultaneously generate a short random secret key and an encapsulation or ciphertext of the secret key by the KEM's encapsulation algorithm. The receiver who knows the private key corresponding to the public key can recover the same random secret key from the encapsulation by the KEM's decapsulation algorithm.
The security goal of a KEM is to prevent anyone who does not know the private key from recovering any information about the encapsulated secret keys, even after eavesdropping or submitting other encapsulations to the receiver to study how the receiver reacts.
The difference between a public-key encryption scheme and a KEM is that a public-key encryption scheme allows a sender to choose an arbitrary message from some space of possible messages, while a KEM chooses a short secret key at random for the sender.
The sender may take the random secret key produced by a KEM and use it as a symmetric key for an authenticated cipher whose ciphertext is sent alongside the encapsulation to the receiver. This serves to compose a public-key encryption scheme out of a KEM and a symmetric-key authenticated cipher in a hybrid cryptosystem.
Most public-key encryption schemes such as RSAES-PKCS1-v1_5, RSAES-OAEP, and Elgamal encryption are limited to small messages and are almost always used to encrypt a short random secret key in a hybrid cryptosystem anyway. And although a public-key encryption scheme can conversely be converted to a KEM by choosing a random secret key and encrypting it as a message, it is easier to design and analyze a secure KEM than to design a secure public-key encryption scheme as a basis. So most modern public-key encryption schemes are based on KEMs rather than the other way around.
A KEM consists of three algorithms:
In the asymptotic setting of theoretical cryptography, the algorithms are all probabilistic polynomial-time in a security parameter , and the length of the secret key is a function of the security parameter .
Hub AI
Key encapsulation mechanism AI simulator
(@Key encapsulation mechanism_simulator)
Key encapsulation mechanism
In cryptography, a key encapsulation mechanism (KEM) is a public-key cryptosystem that allows a sender to generate a short secret key and transmit it to a receiver confidentially, in spite of eavesdropping and intercepting adversaries. Modern standards for public-key encryption of arbitrary messages are usually based on KEMs.
A KEM allows a sender who knows a public key to simultaneously generate a short random secret key and an encapsulation or ciphertext of the secret key by the KEM's encapsulation algorithm. The receiver who knows the private key corresponding to the public key can recover the same random secret key from the encapsulation by the KEM's decapsulation algorithm.
The security goal of a KEM is to prevent anyone who does not know the private key from recovering any information about the encapsulated secret keys, even after eavesdropping or submitting other encapsulations to the receiver to study how the receiver reacts.
The difference between a public-key encryption scheme and a KEM is that a public-key encryption scheme allows a sender to choose an arbitrary message from some space of possible messages, while a KEM chooses a short secret key at random for the sender.
The sender may take the random secret key produced by a KEM and use it as a symmetric key for an authenticated cipher whose ciphertext is sent alongside the encapsulation to the receiver. This serves to compose a public-key encryption scheme out of a KEM and a symmetric-key authenticated cipher in a hybrid cryptosystem.
Most public-key encryption schemes such as RSAES-PKCS1-v1_5, RSAES-OAEP, and Elgamal encryption are limited to small messages and are almost always used to encrypt a short random secret key in a hybrid cryptosystem anyway. And although a public-key encryption scheme can conversely be converted to a KEM by choosing a random secret key and encrypting it as a message, it is easier to design and analyze a secure KEM than to design a secure public-key encryption scheme as a basis. So most modern public-key encryption schemes are based on KEMs rather than the other way around.
A KEM consists of three algorithms:
In the asymptotic setting of theoretical cryptography, the algorithms are all probabilistic polynomial-time in a security parameter , and the length of the secret key is a function of the security parameter .