A hybrid encryption (HE) system is an efficient public key encryption system for arbitrarily long messages. An HE system consists of a public key component called a key encapsulation mechanism (KEM) and a symmetric key component called a data encapsulation mechanism (DEM). The HE encryption algorithm uses a KEM-generated key k to encapsulate the message using the DEM, and sends the ciphertext together with the encapsulation of k to the decryptor, who decapsulates k and uses it to decapsulate the message using the corresponding KEM and DEM components. The KEM/DEM composition theorem proves that if the KEM and DEM satisfy well-defined security notions, then the HE will be secure with well-defined security. We introduce HE in the correlated randomness model, where the encryption and decryption algorithms have samples of correlated random variables that are partially leaked to the adversary. Security of the new KEM/DEM paradigm is defined against computationally unbounded or polynomially bounded adversaries. We define iKEM and cKEM with respective information-theoretic and computational security, and prove a composition theorem for them and a computationally secure DEM, resulting in secure HEs with proved computational security (CPA and CCA) and without any computational assumption. We construct two iKEMs that provably satisfy the required security notions of the composition theorem. The iKEMs are used to construct two efficient quantum-resistant HEs when used with an AES-based DEM. We also define and construct combiners with proved security that combine the new KEM/DEM paradigm of HE with the traditional public-key-based paradigm of HE.