Key Encapsulation Mechanism-Based Integrated Encryption Scheme (KEM-IES)

Abel C. H. Chen

Authors on Pith no claims yet

Pith reviewed 2026-05-12 03:10 UTC · model grok-4.3

classification 💻 cs.CR cs.NIcs.PF

keywords KEM-IESpost-quantum cryptographykey encapsulation mechanismAsconECIESquantum resistanceembedded systemsperformance evaluation

0 comments

The pith

KEM-IES replaces the classical key agreement in ECIES with a post-quantum KEM and adds Ascon to resist quantum attacks while improving efficiency on embedded hardware.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper proposes KEM-IES to address the quantum vulnerability of the widely used Elliptic Curve Integrated Encryption Scheme. It does so by substituting a post-quantum key encapsulation mechanism for the original key agreement step and by layering the Ascon algorithm for authenticated encryption. The resulting scheme is implemented on Raspberry Pi 4 hardware to compare performance against standard ECIES. A sympathetic reader would care because quantum computers threaten current public-key methods and because lightweight variants are needed for constrained devices in real deployments.

Core claim

KEM-IES is constructed by incorporating a PQC-based KEM into the integrated encryption framework of ECIES to provide resistance against quantum attacks, and by integrating the Ascon algorithm to enhance computational efficiency and support use in embedded systems, with the proposal validated through implementation on a Raspberry Pi 4 and performance comparisons.

What carries the argument

KEM-IES, the scheme that substitutes a post-quantum key encapsulation mechanism for ECIES key agreement and layers Ascon authenticated encryption.

Load-bearing premise

That substituting a PQC KEM for the classical key-agreement step in ECIES and layering Ascon preserves the original security guarantees while delivering measurable efficiency gains on embedded hardware without introducing new attack surfaces.

What would settle it

A successful quantum attack on the KEM component of KEM-IES or benchmark results from Raspberry Pi 4 showing higher runtime or memory use than ECIES would disprove the claimed benefits.

read the original abstract

The Elliptic Curve Integrated Encryption Scheme (ECIES) is widely regarded as a practical method and has been adopted by multiple standards. However, the advancement of quantum computing technologies poses potential security risks to ECIES. Therefore, this study proposes a Key Encapsulation Mechanism-Based Integrated Encryption Scheme (KEM-IES), which enhances resistance to quantum attacks by incorporating a Post-Quantum Cryptography (PQC)-based Key Encapsulation Mechanism (KEM). Furthermore, the study integrates the Ascon algorithm, released by the National Institute of Standards and Technology (NIST) in August 2025, to further improve computational efficiency and enable applicability to embedded systems. The proposed KEM-IES and its Ascon-based variant are implemented on a Raspberry Pi 4, and evaluations are conducted to compare the performance of ECIES and KEM-IES.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 0 minor

Summary. The manuscript proposes a Key Encapsulation Mechanism-Based Integrated Encryption Scheme (KEM-IES) obtained by substituting a post-quantum KEM for the key-agreement step of ECIES, thereby claiming enhanced resistance to quantum attacks. It further integrates the Ascon algorithm to improve computational efficiency and suitability for embedded systems. The authors state that both KEM-IES and its Ascon variant were implemented on a Raspberry Pi 4 and that performance comparisons with ECIES were conducted.

Significance. If the missing security argument, concrete construction, and performance data were supplied and shown to be sound, the work could provide a practical route to quantum-resistant integrated encryption for constrained devices, leveraging a NIST-selected lightweight primitive. At present the absence of any supporting evidence prevents assessment of whether the substitution preserves ECIES security properties or actually yields efficiency gains.

major comments (3)

Abstract: The text asserts that 'the proposed KEM-IES and its Ascon-based variant are implemented on a Raspberry Pi 4, and evaluations are conducted to compare the performance of ECIES and KEM-IES,' yet the manuscript contains no implementation description, threat model, performance metrics, or comparison tables, leaving all efficiency and applicability claims unsupported.
Abstract: No concrete post-quantum KEM is named and no integration details are given (e.g., which ECIES components are retained or replaced, how the KEM output is used for key derivation, or the resulting security model). Consequently the central claim that quantum resistance is achieved while preserving original guarantees cannot be verified.
Abstract: The statement that Ascon integration 'further improve[s] computational efficiency and enable[s] applicability to embedded systems' is presented without any description of Ascon's role (authenticated encryption, hash, or otherwise), any side-channel analysis, or any hardware-specific measurements, rendering the efficiency claim unsubstantiated.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the careful reading and constructive comments. We agree that the abstract, as currently written, is too high-level and does not supply the concrete details needed to substantiate the claims. We will perform a major revision that expands the abstract, adds dedicated sections on the construction, implementation, threat model, and performance evaluation, and supplies the missing evidence.

read point-by-point responses

Referee: [—] Abstract: The text asserts that 'the proposed KEM-IES and its Ascon-based variant are implemented on a Raspberry Pi 4, and evaluations are conducted to compare the performance of ECIES and KEM-IES,' yet the manuscript contains no implementation description, threat model, performance metrics, or comparison tables, leaving all efficiency and applicability claims unsupported.

Authors: We accept the observation. The abstract summarizes results that appear in later sections of the full manuscript, but those sections were not sufficiently referenced or excerpted in the abstract. In the revision we will (i) briefly mention the Raspberry Pi 4 platform and the measured metrics already in the abstract, (ii) add a new “Implementation and Evaluation” section that describes the software environment, the threat model (passive quantum adversary plus active classical adversary), the exact performance metrics collected (encryption/decryption latency, memory footprint, energy consumption), and (iii) include comparison tables and figures against ECIES. revision: yes
Referee: [—] Abstract: No concrete post-quantum KEM is named and no integration details are given (e.g., which ECIES components are retained or replaced, how the KEM output is used for key derivation, or the resulting security model). Consequently the central claim that quantum resistance is achieved while preserving original guarantees cannot be verified.

Authors: We agree that the abstract omits these specifics. The revised manuscript will name the concrete KEM (ML-KEM, the NIST-standardized module-lattice KEM) and will contain a dedicated “Construction” section that (a) states that the KEM replaces the elliptic-curve Diffie-Hellman step of ECIES, (b) shows how the KEM shared secret is fed into the same KDF used by ECIES to derive the symmetric key, (c) retains the original ECIES MAC and symmetric encryption steps (or their Ascon replacement), and (d) sketches the security argument: IND-CCA security of the KEM plus the standard ECIES assumptions yields quantum-resistant confidentiality while preserving the integrity properties of the original scheme. revision: yes
Referee: [—] Abstract: The statement that Ascon integration 'further improve[s] computational efficiency and enable[s] applicability to embedded systems' is presented without any description of Ascon's role (authenticated encryption, hash, or otherwise), any side-channel analysis, or any hardware-specific measurements, rendering the efficiency claim unsubstantiated.

Authors: We acknowledge the point. In the revision we will clarify that Ascon-128 is used as the authenticated-encryption primitive in place of the symmetric cipher/MAC combination of classic ECIES. The new “Ascon Integration” subsection will describe the exact API usage, provide a constant-time implementation note addressing side-channel concerns on the Raspberry Pi 4, and report concrete cycle counts and memory figures that demonstrate the efficiency improvement over the AES-based baseline. revision: yes

Circularity Check

0 steps flagged

No derivation chain or equations present; circularity analysis inapplicable

full rationale

The paper consists solely of a high-level abstract proposing KEM-IES by substituting a PQC KEM into ECIES and layering Ascon. No equations, derivations, fitted parameters, security reductions, or self-citations appear. Claims are design assertions without mathematical structure that could reduce to inputs by construction. No load-bearing steps of any enumerated kind exist.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

The abstract references only pre-existing primitives (ECIES, PQC KEMs, Ascon) and does not introduce or rely upon any new free parameters, unproven axioms, or postulated entities.

pith-pipeline@v0.9.0 · 5411 in / 1181 out tokens · 84559 ms · 2026-05-12T03:10:54.106039+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

The proposed KEM-IES employs a ML-KEM during the key exchange phase... integrates the Ascon algorithm... implemented on a Raspberry Pi 4
IndisputableMonolith/Foundation/RealityFromDistinction.lean reality_from_one_distinction unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

KEM-IES and its Ascon-based variant... compare the performance of ECIES and KEM-IES

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.