Abstract: A hybrid encryption scheme links a first public key encryption (PKE) scheme with a second PKE scheme through a true random or pseudo-random element, which is used by a sender to encapsulate a symmetrically encrypted message and its associated symmetric key to generate a pair of ciphertexts for transmission to a recipient. The recipient decrypts and decapsulates the ciphertexts, retrieves the random element, and may conduct one or more verification steps to ensure that the ciphertexts were well-formed, and to detect any re-encryption or encapsulation attacks. To encrypt a message, the message and initial random value are encrypted with a symmetric key to provide an intermediate ciphertext. The symmetric key and the encrypted message-value are each encapsulated by distinct algorithms using distinct values derived from the initial random value, such as different hashes, and public keys to provide first and second ciphertexts.

Abstract: A hybrid encryption scheme links a first public key encryption (PKE) scheme with a second PKE scheme through a true random or pseudo-random element, which is used by a sender to encapsulate a symmetrically encrypted message and its associated symmetric key to generate a pair of ciphertexts for transmission to a recipient. The recipient decrypts and decapsulates the ciphertexts, retrieves the random element, and may conduct one or more verification steps to ensure that the ciphertexts were well-formed, and to detect any re-encryption or encapsulation attacks. To encrypt a message, the message and initial random value are encrypted with a symmetric key to provide an intermediate ciphertext. The symmetric key and the encrypted message-value are each encapsulated by distinct algorithms using distinct values derived from the initial random value, such as different hashes, and public keys to provide first and second ciphertexts.

Abstract: A method for providing efficient management of certificate revocation may comprise storing a list of identifiers of digital certificates including a revocation list defining a list of revoked certificates in an accumulator, storing a witness value in association with at least some entries in the revocation list in which the witness value provides proof of the membership or non-membership of an identifier in the revocation list, enabling generation of a new accumulator and a new witness value responsive to each insertion or deletion of an entry in the revocation list, and enabling batch updates to the revocation list using a reduced bitlength value generated based on to a ratio of a value generated based on elements added to the revocation list to a value generated based on elements deleted from the revocation list. A corresponding apparatus is also provided.

Abstract: A method for providing efficient management of certificate revocation may comprise storing a list of identifiers of digital certificates including a revocation list defining a list of revoked certificates in an accumulator, storing a witness value in association with at least some entries in the revocation list in which the witness value provides proof of the membership or non-membership of an identifier in the revocation list, enabling generation of a new accumulator and a new witness value responsive to each insertion or deletion of an entry in the revocation list, and enabling batch updates to the revocation list using a reduced bitlength value generated based on to a ratio of a value generated based on elements added to the revocation list to a value generated based on elements deleted from the revocation list. A corresponding apparatus is also provided.