Paper 2017/1096

IND-CCA-secure Key Encapsulation Mechanism in the Quantum Random Oracle Model, Revisited

Haodong Jiang, Zhenfeng Zhang, Long Chen, Hong Wang, and Zhi Ma


With the gradual progress of NIST's post-quantum cryptography standardization, the Round-1 KEM proposals have been posted for public to discuss and evaluate. Among the IND-CCA-secure KEM constructions, mostly, an IND-CPA-secure (or OW-CPA-secure) public-key encryption (PKE) scheme is first introduced, then some generic transformations are applied to it. All these generic transformations are constructed in the random oracle model (ROM). To fully assess the post-quantum security, security analysis in the quantum random oracle model (QROM) is preferred. However, current works either lacked a QROM security proof or just followed Targhi and Unruh's proof technique (TCC-B 2016) and modified the original transformations by adding an additional hash to the ciphertext to achieve the QROM security. In this paper, by using a novel proof technique, we present QROM security reductions for two widely used generic transformations without suffering any ciphertext overhead. Meanwhile, the security bounds are much tighter than the ones derived by utilizing Targhi and Unruh's proof technique. Thus, our QROM security proofs not only provide a solid post-quantum security guarantee for NIST Round-1 KEM schemes, but also simplify the constructions and reduce the ciphertext sizes. We also provide QROM security reductions for Hofheinz-Hoevelmanns-Kiltz modular transformations (TCC 2017), which can help to obtain a variety of combined transformations with different requirements and properties.

Note: Some issues are clarified. Subsequent Works are also discussed.

Available format(s)
Public-key cryptography
Publication info
A minor revision of an IACR publication in CRYPTO 2018
public-key cryptographyquantum random oracle modelkey encapsulation mechanismIND-CCA securitygeneric transformation
Contact author(s)
hdjiang13 @ gmail com
2019-07-03: last of 5 revisions
2017-11-11: received
See all versions
Short URL
Creative Commons Attribution


      author = {Haodong Jiang and Zhenfeng Zhang and Long Chen and Hong Wang and Zhi Ma},
      title = {IND-CCA-secure Key Encapsulation Mechanism in the Quantum Random Oracle Model, Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1096},
      year = {2017},
      doi = {10.1007/978-3-319-96878-0_4},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.