Paper 2018/838

(Tightly) QCCA-Secure Key-Encapsulation Mechanism in the Quantum Random Oracle Model

Keita Xagawa and Takashi Yamakawa


This paper studies indistinguishability against quantum chosen-ciphertext attacks (IND-qCCA security) of key-encapsulation mechanisms (KEMs) in quantum random oracle model (QROM). We show that the SXY conversion proposed by Saito, Yamakawa, and Xagawa (EUROCRYPT 2018) and the HU conversion proposed by Jiang, Zhang, and Ma (PKC 2019) turn a weakly-secure deterministic public-key encryption scheme into an IND-qCCA-secure KEM scheme in the QROM. The proofs are very similar to those for the IND-CCA security in the QROM, easy to understand, and as tight as the original proofs.

Note: Correct errors on inaccurate keys and references. Add the proof for the HU conversion.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Minor revision. PQCrypto 2019
Tight securityquantum chosen-ciphertext securitypost-quantum cryptographyKEM
Contact author(s)
keita xagawa zv @ hco ntt co jp
2021-08-25: last of 4 revisions
2018-09-06: received
See all versions
Short URL
Creative Commons Attribution


      author = {Keita Xagawa and Takashi Yamakawa},
      title = {(Tightly) QCCA-Secure Key-Encapsulation Mechanism in the Quantum Random Oracle Model},
      howpublished = {Cryptology ePrint Archive, Paper 2018/838},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.