Despite the large number of certificateless encryption schemes proposed recently,many of them have been found insecure under a practical attack,called malicious-but-passive KGC(Key Generation Center)attack.In this work we propose the first generic construction of certificateless encryption,which can be proven secure against malicious-but-passive KGC attacks in the standard model.In order to encrypt a message of any length,we consider the KEM/DEM(key encapsulation mechanism/data encapsulation mechanism)framework in the certificateless setting,and propose a generic construction of certificateless key encapsulation mechanism(CL-KEM)secure against malicious-but-passive KGC attacks in the standard model.It is based on an identity-based KEM,a public key encryption and a message authentication code.The high efficiency of our construction is due to the efficient implementations of these underlying building blocks,and is comparable to Bentahar et al.’s CL-KEMs,which have only been proven secure under the random oracle model with no consideration of the malicious-but-passive KGC attack.We also introduce the notion of certificateless tag-based KEM(CL-TKEM),which is an extension of Abe et al.’s work to the certificateless setting.We show that an efficient CL-TKEM can be constructed by modifying our CL-KEM scheme.We also show that with a CL-TKEM and a data encapsulation mechanism secure under our proposed security model,an efficient certificateless hybrid encryption can be constructed by applying Abe et al.’s transformation in the certilicateless setting.