You are looking at a specific version 20210621:193845 of this paper.
Paper 2021/844
A note on IND-qCCA security in the ROM and its applications
Loïs Huguenin-Dumittan and Serge Vaudenay
Abstract
We show in this note that bounded KEM IND-CCA security (IND-qCCA) is easily obtained from any passively secure PKE in the (Q)ROM. That is, simply adding a confirmation hash or computing the key as the hash of the plaintext and ciphertext yields an IND-qCCA KEM. In particular, there is no need for derandomization or re-encryption as in the Fujisaki-Okamoto transform. Such KEMs could be used in the recently proposed KEMTLS protocol [ACM CCS 2020], which requires IND-1CCA ephemeral key-exchange mechanisms. We also highlight and briefly discuss several use cases of IND-1CCA KEMs in TLS and ratcheting primitives.
Metadata
- Publication info: Preprint. MINOR revision.
- Contact author(s): lois huguenin-dumittan @ epfl ch, serge vaudenay @ epfl ch
- History
  - 2022-12-16: last of 2 revisions
  - 2021-06-21: received
- Short URL: https://ia.cr/2021/844
- License: CC BY