Ciphertext Compression Techniques for Post-Quantum KEMs


A multi-recipient key encapsulation mechanism, or mKEM, provides a scalable solution to securely communicating to a large group, and offers savings in both bandwidth and computational cost compared to the trivial solution of communicating with each member individually. All prior works on mKEM are only limited to classical assumptions and, although some generic constructions are known, they all require specific properties that are not shared by most post-quantum schemes. In this work, we first provide a simple and efficient generic construction of mKEM that can be instantiated from versatile assumptions, including post-quantum ones. We then study these mKEM instantiations at a practical level using 8 post-quantum KEMs and show that compared to the trivial solution, our mKEM offers savings of at least one order of magnitude in the bandwidth.

Oct 22, 2020 11:30 AM — 11:18 PM
Cryptography Reading Group, University of Waterloo, Ontario, Canada