Definition: Key Encapsulation is the process of generating a random symmetric key together with an asymmetric ciphertext of that key. It is a technique that takes a public key as input, encapsulates (encodes) a secret value, and outputs the shared secret value. Likewise, the decapsulation algorithm, called Decapsulate, takes the encapsulation and the private key as inputs and outputs the shared secret key.
Key Encapsulation explained
The algorithms used for Key Encapsulation are derived from hard mathematical problems, such as integer factorization. A quantum computer could solve these problems efficiently, breaking the secrecy of communication. However, a few problems remain a big challenge even for quantum computers; these problems help to build key exchange algorithms that are secure even in the presence of quantum computers.
In Key Encapsulation Mechanisms (KEMs), two people could agree on a secret key if one of them could send the secret key to the other in an encrypted form that only the other person could decrypt and use. Anyone with access to a party's public key can safely communicate a key to that party via a key encapsulation (a cryptographic primitive). Public key cryptography helps in encrypting a key that is used to encrypt the actual message using symmetric key cryptography.
A KEM uses the following three algorithms:
- Generate, which creates a public key and a private key (PK, SK).
- Encapsulate, which starts with the public key PK and generates a shared secret value along with an “encapsulation” (a ciphertext) C0 of this secret value.
- Decapsulate, which starts with the private key SK and the encapsulation C0, and outputs the shared secret value.
With public-key systems, the conventional method of sending a symmetric key is to first produce a random symmetric key and then encrypt it using the selected public key technique. The recipient then obtains the symmetric key by decrypting the public key message with the corresponding private key. Because symmetric keys are typically short, padding is added for comprehensive security. By creating a random element in the finite group that underlies the public key system and generating the symmetric key by hashing that element, KEMs streamline the procedure and remove the need for padding.
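The three algorithms and the hash-a-random-element construction described above, as an added example that is not part of the original page: an RSA-based KEM in Python. The modulus built from two Mersenne primes is a constructed toy choice that is trivial to factor, and SHA-256 as the hash and all function names are assumptions.

```python
import hashlib
import secrets

# Constructed toy parameters: two Mersenne primes make n trivial to factor.
# They keep the example offline and dependency-free; real keys use random primes.
P = 2**521 - 1
Q = 2**607 - 1
E = 65537


def generate():
    """Generate: return (PK, SK) as (n, e) and (n, d)."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)


def _kdf(r, n):
    """Hash the group element, at fixed width, into a 32-byte symmetric key."""
    width = (n.bit_length() + 7) // 8
    return hashlib.sha256(r.to_bytes(width, "big")).digest()


def encapsulate(pk):
    """Encapsulate: return (shared secret, encapsulation C0) for PK."""
    n, e = pk
    r = 2 + secrets.randbelow(n - 3)  # random element in [2, n-2], no padding
    c0 = pow(r, e, n)                 # the only value sent to the key owner
    return _kdf(r, n), c0


def decapsulate(sk, c0):
    """Decapsulate: recover the element from C0 with SK, re-derive the secret."""
    n, d = sk
    if not 0 < c0 < n:
        raise ValueError("encapsulation out of range")
    return _kdf(pow(c0, d, n), n)


if __name__ == "__main__":
    pk, sk = generate()
    secret, c0 = encapsulate(pk)
    assert decapsulate(sk, c0) == secret
    print("shared secret:", secret.hex())
```

The sender never chooses or pads the symmetric key: it is derived on both sides from the same full-width random element, so only C0 travels over the network.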
Key Wrap as a form of key encapsulation
A group of symmetric encryption algorithms known as "Key Wrap constructions" are made to enclose (encrypt) cryptographic key material. The Key Wrap methods are designed for (a) securing keys while being stored in insecure storage or (b) sending keys through untrustworthy communication networks. Block ciphers and cryptographic hash functions are common primitives used to build the constructs.
Although it differs from the more well-known asymmetric (public-key) Key Encapsulation techniques (e.g., PSEC-KEM), Key Wrap can be considered a type of key encapsulation algorithm.