翻訳と辞書 Words near each other ・ "O" Is for Outlaw ・ "O"-Jung.Ban.Hap. ・ "Ode-to-Napoleon" hexachord ・ "Oh Yeah!" Live ・ "Our Contemporary" regional art exhibition (Leningrad, 1975) ・ "P" Is for Peril ・ "Pimpernel" Smith ・ "Polish death camp" controversy ・ "Pro knigi" ("About books") ・ "Prosopa" Greek Television Awards ・ "Pussy Cats" Starring the Walkmen ・ "Q" Is for Quarry ・ "R" Is for Ricochet ・ "R" The King (2016 film) ・ "Rags" Ragland ・ ! (album) ・ ! (disambiguation) ・ !! ・ !!! ・ !!! (album) ・ !!Destroy-Oh-Boy!! ・ !Action Pact! ・ !Arriba! La Pachanga ・ !Hero ・ !Hero (album) ・ !Kung language ・ !Oka Tokat ・ !PAUS3 ・ !T.O.O.H.! ・ !Women Art Revolution Dictionary Lists mini英和辞書 mini和英辞書 Webster 1913 Latin-English FOLDOC Wikipedia English ウィキペディア

翻訳と辞書　辞書検索 [ 開発暫定版 ] スポンサード リンク key encapsulation ： ウィキペディア英語版 key encapsulation Key encapsulation mechanisms (KEMs) are a class of encryption techniques designed to secure symmetric cryptographic key material for transmission using asymmetric (public-key) algorithms. In practice, public key systems are clumsy to use in transmitting long messages. Instead they are often used to exchange symmetric keys, which are relatively short. The symmetric key is then used to encrypt the longer message. The traditional approach to sending a symmetric key with public key systems is to first generate a random symmetric key and then encrypt it using the chosen public key algorithm. The recipient then decrypts the public key message to recover the symmetric key. As the symmetric key is generally short, padding is required for full security and proofs of security for padding schemes are often less than complete.〔(An OAEP Variant With a Tight Security Proof – Draft 1.0 ), Jakob Jonsson, 2002〕 KEMs simplify the process by generating a random element in the finite group underlying the public key system and deriving the symmetric key by hashing that element, eliminating the need for padding. ==Example using RSA encryption== Using the same notation employed in the RSA system article, say Alice has transmitted her public key $(n,\; e)$ to Bob, while keeping her private key secret, as usual. Bob then wishes to send symmetric key M to Alice. M might be a 128 or 256-bit AES key, for example. Note that the public key ''n'' is typically 1024-bits or even longer, thus much larger than typical symmetric keys. If ''e'' is small enough that To avoid such potential weakness, Bob first turns M into a larger integer by using an agreed-upon reversible protocol known as a padding scheme, such as OAEP. He then computes the ciphertext $c$ corresponding to: : $c\; \backslash equiv\; m^e\; \backslash pmod.$ Alice can recover $m$ from $c$ by using her private key exponent $d$ by the following computation: : $m\; \backslash equiv\; c^d\; \backslash pmod.$ Given $m$, she recovers the original message M by reversing the padding scheme. With KEM the process is simplified as follows:〔(Key Encapsulation: A New Scheme for Public-Key Encryption ) XML Security Working Group F2F, May 2009〕 Instead of generating a random symmetric key M, Bob first generates a random ''m,'' . He derives his symmetric key M by $M\; =\; KDF(m)$, where ''KDF'' is a key derivation function, such as a cryptographic hash. He then computes the ciphertext $c$ corresponding to ''m'': : $c\; \backslash equiv\; m^e\; \backslash pmod.$ Alice then recovers $m$ from $c$ by using her private key exponent $d$ by the same method as above: : $m\; \backslash equiv\; c^d\; \backslash pmod.$ Given $m$, she can recover the symmetric key M by $M\; =\; KDF(m)$. The KEM eliminates the complexity of the padding scheme and the proofs needed to show the padding is secure.〔 p. 4 Note that while M can be calculated from m in the KEM approach, the reverse is not possible, assuming the key derivation function is one-way. An attacker who somehow recovers M cannot get the plaintext ''m''. With the padding approach, he can. Thus KEM is said to encapsulate the key. Note that if the same ''m'' is used to encapsulate keys for ''e'' or more recipients, and the receivers share the same exponent ''e,'' but different ''p, q,'' and ''n,'' then one can recover ''m'' via the Chinese remainder theorem. Thus, if key encapsulations for several recipients need to be computed, independent values ''m'' should be used. Similar techniques are available for Diffie-Hellman encryption and other public key methods.〔(PSEC-KEM ) for ECC〕 抄文引用元・出典: フリー百科事典『 ウィキペディア（Wikipedia）』 ■ウィキペディアで「key encapsulation」の詳細全文を読む スポンサード リンク 翻訳と辞書 : 翻訳のためのインターネットリソース Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.