Paper 2019/052

Key Encapsulation Mechanism with Explicit Rejection in the Quantum Random Oracle Model

Haodong Jiang, Zhenfeng Zhang, and Zhi Ma

Abstract

The recent post-quantum cryptography standardization project launched by NIST increased the interest in generic key encapsulation mechanism (KEM) constructions in the quantum random oracle (QROM). Based on a OW-CPA-secure public-key encryption (PKE), Hofheinz, Hövelmanns and Kiltz (TCC 2017) first presented two generic constructions of an IND-CCA-secure KEM with quartic security loss in the QROM, one with implicit rejection (a pseudorandom key is return for an invalid ciphertext) and the other with explicit rejection (an abort symbol is returned for an invalid ciphertext). Both are widely used in the NIST Round-1 KEM submissions and the ones with explicit rejection account for 40%. Recently, the security reductions have been improved to quadratic loss under a standard assumption, and be tight under a nonstandard assumption by Jiang et al. (Crypto 2018) and Saito, Xagawa and Yamakawa (Eurocrypt 2018). However, these improvements only apply to the KEM submissions with implicit rejection and the techniques do not seem to carry over to KEMs with explicit rejection. In this paper, we provide three generic constructions of an IND-CCA-secure KEM with explicit rejection, under the same assumptions and with the same tightness in the security reductions as the aforementioned KEM constructions with implicit rejection (Crypto 2018, Eurocrypt 2018). Specifically, we develop a novel approach to verify the validity of a ciphertext in the QROM and use it to extend the proof techniques for KEM constructions with implicit rejection (Crypto 2018, Eurocrypt 2018) to our KEM constructions with explicit rejection. Moreover, using an improved version of one-way to hiding lemma by Ambainis, Hamburg and Unruh (ePrint 2018/904), for two of our constructions, we present tighter reductions to the standard IND-CPA assumption. Our results directly apply to 9 KEM submissions with explicit rejection, and provide tighter reductions than previously known (TCC 2017).

Metadata
Available format(s)
PDF
Publication info
Published by the IACR in PKC 2019
Keywords
quantum random oracle modelkey encapsulation mechanismexplicit rejectiongeneric construction
Contact author(s)
zfzhang @ tca iscas ac cn
ma_zhi @ 163 com
History
2019-01-25: received
Short URL
https://ia.cr/2019/052
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/052,
      author = {Haodong Jiang and Zhenfeng Zhang and Zhi Ma},
      title = {Key Encapsulation Mechanism with Explicit Rejection in the Quantum Random Oracle Model},
      howpublished = {Cryptology ePrint Archive, Paper 2019/052},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/052}},
      url = {https://eprint.iacr.org/2019/052}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.