Paper 2018/928

Generic Authenticated Key Exchange in the Quantum Random Oracle Model

Kathrin Hövelmanns, Eike Kiltz, Sven Schäge, and Dominique Unruh


We propose FO-AKE a generic construction of two-message authenticated key exchange (AKE) from any passively secure public key encryption (PKE) in the quantum random oracle model (QROM). Whereas previous AKE constructions relied on a Diffie-Hellman key exchange or required the underlying PKE scheme to be perfectly correct, our transformation allows arbitrary PKE schemes with non-perfect correctness. Furthermore, we avoid the use of (quantum-secure) digital signature schemes which are considerably less efficient than their PKE counterparts. As a consequence, we can instantiate our AKE transformation with any of the submissions to the recent NIST post-quantum competition, e.g., ones based on codes and lattices. FO-AKE can be seen as a generalization of the well known Fujisaki-Okamoto transformation (for building actively secure PKE from passively secure PKE) to the AKE setting. Therefore, as a helper result, we also provide a security proof for the Fujisaki-Okamoto transformation in the QROM for PKE with non-perfect correctness. Our reduction fixes several gaps in a previous proof (CRYPTO 2018), is tighter, and tolerates a larger correctness error.

Note: Added missing acknowledgments

Available format(s)
Public-key cryptography
Publication info
A minor revision of an IACR publication in PKC 2020
Authenticated key exchangequantum random oracle modelNISTFujisaki- Okamoto.
Contact author(s)
Kathrin Hoevelmanns @ ruhr-uni-bochum de
sschaege @ googlemail com
eike kiltz @ rub de
unruh @ ut ee
2020-01-29: last of 6 revisions
2018-10-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Kathrin Hövelmanns and Eike Kiltz and Sven Schäge and Dominique Unruh},
      title = {Generic Authenticated Key Exchange in the Quantum Random Oracle Model},
      howpublished = {Cryptology ePrint Archive, Paper 2018/928},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.