A multi-recipient key encapsulation mechanism, or mKEM, provides a scalable solution to securely communicating to a large group, and offers savings in both bandwidth and computational cost compared to the trivial solution of communicating with each member individually. All prior works on mKEM are only limited to classical assumptions and, although some generic constructions are known, they all require specific properties that are not shared by most post-quantum schemes. In this work, we first provide a simple and efficient generic construction of mKEM that can be instantiated from versatile assumptions, including post-quantum ones. We then study these mKEM instantiations at a practical level using 8 post-quantum mKEMs (which are lattice and isogeny-based NIST candidates), and CSIDH, and show that compared to the trivial solution, our mKEM offers savings of at least one order of magnitude in the bandwidth, and make encryption time shorter by a factor ranging from 1.92 to 35. Additionally, we show that by combining mKEM with the TreeKEM protocol used by MLS – an IETF draft for secure group messaging – we obtain significant bandwidth savings.

Scalable Ciphertext Compression Techniques for Post-quantum KEMs and Their Applications / Katsumata, Shuichi; Kwiatkowski, Kris; Pintore, Federico; Prest, Thomas. - 12491:(2020), pp. 289-320. (Intervento presentato al convegno ASIACRYPT 2020 tenutosi a Virtual nel 07-11 December 2020) [10.1007/978-3-030-64837-4_10].

Scalable Ciphertext Compression Techniques for Post-quantum KEMs and Their Applications

Pintore, Federico;Prest, Thomas
2020-01-01

Abstract

A multi-recipient key encapsulation mechanism, or mKEM, provides a scalable solution to securely communicating to a large group, and offers savings in both bandwidth and computational cost compared to the trivial solution of communicating with each member individually. All prior works on mKEM are only limited to classical assumptions and, although some generic constructions are known, they all require specific properties that are not shared by most post-quantum schemes. In this work, we first provide a simple and efficient generic construction of mKEM that can be instantiated from versatile assumptions, including post-quantum ones. We then study these mKEM instantiations at a practical level using 8 post-quantum mKEMs (which are lattice and isogeny-based NIST candidates), and CSIDH, and show that compared to the trivial solution, our mKEM offers savings of at least one order of magnitude in the bandwidth, and make encryption time shorter by a factor ranging from 1.92 to 35. Additionally, we show that by combining mKEM with the TreeKEM protocol used by MLS – an IETF draft for secure group messaging – we obtain significant bandwidth savings.
2020
Advances in Cryptology – ASIACRYPT 2020
Cham
Springer
9783030648367
9783030648374
Katsumata, Shuichi; Kwiatkowski, Kris; Pintore, Federico; Prest, Thomas
Scalable Ciphertext Compression Techniques for Post-quantum KEMs and Their Applications / Katsumata, Shuichi; Kwiatkowski, Kris; Pintore, Federico; Prest, Thomas. - 12491:(2020), pp. 289-320. (Intervento presentato al convegno ASIACRYPT 2020 tenutosi a Virtual nel 07-11 December 2020) [10.1007/978-3-030-64837-4_10].
File in questo prodotto:
File Dimensione Formato  
Scalable Ciphertext.pdf

Solo gestori archivio

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 983.59 kB
Formato Adobe PDF
983.59 kB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/415030
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 10
  • ???jsp.display-item.citation.isi??? ND
  • OpenAlex ND
social impact