You are looking at a specific version 20210621:193845 of this paper. See the latest version.

Paper 2021/844

A note on IND-qCCA security in the ROM and its applications

Loïs Huguenin-Dumittan and Serge Vaudenay

Abstract

We show in this note that bounded KEM IND-CCA security (IND-qCCA) is easily obtained from any passively secure PKE in the (Q)ROM. That is, simply adding a confirmation hash, or computing the key as the hash of the plaintext and ciphertext, yields an IND-qCCA KEM. In particular, there is no need for derandomization or re-encryption as in the Fujisaki-Okamoto transform. Such KEMs could be used in the recently proposed KEMTLS protocol [ACM CCS 2020], which requires IND-1CCA ephemeral key-exchange mechanisms. We also highlight and briefly discuss several use cases of IND-1CCA KEMs in TLS and ratcheting primitives.
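The two constructions named in the abstract, written out as an added Python example (not code from the paper): a generic passively secure PKE is wrapped either by hashing plaintext and ciphertext into the key, or by appending a confirmation hash of the plaintext that decapsulation checks. The underlying PKE here is a toy ElGamal over a tiny prime, a stand-in with no security of its own; the domain-separation labels, the exact tag and key formulas, and the demo parameters are my assumptions, not the paper's definitions. Neither decapsulation derandomizes or re-encrypts, which is the structural difference from Fujisaki-Okamoto that the note is about.

```python
import hashlib
import hmac
import secrets

# --- Toy ElGamal PKE: a stand-in for "any passively secure PKE" ---
# Hypothetical demo parameters: P is far too small for real use.
P = 2**127 - 1      # prime modulus of the group Z_P*
G = 3               # base element; only decryption correctness matters here
NBYTES = 16         # fixed-width encoding of elements of Z_P

def pke_keygen():
    x = secrets.randbelow(P - 2) + 1          # private exponent
    return (pow(G, x, P), x)                  # (pk, sk)

def pke_encrypt(pk, m):
    # Randomised encryption: a fresh r each call, so Enc(pk, m) is not reproducible
    r = secrets.randbelow(P - 2) + 1
    return (pow(G, r, P), (m * pow(pk, r, P)) % P)

def pke_decrypt(sk, c):
    c1, c2 = c
    return (c2 * pow(pow(c1, sk, P), P - 2, P)) % P   # c2 / c1^sk

def enc_bytes(*ints):
    return b"".join(i.to_bytes(NBYTES, "big") for i in ints)

def H(domain, *parts):
    # Random oracle stand-in with a domain-separation label (assumed, not the paper's)
    return hashlib.sha256(domain + enc_bytes(*parts)).digest()

# --- Transform 1: K = H(m, c). No derandomisation, no re-encryption. ---
def kem_h_encaps(pk):
    m = secrets.randbelow(P - 1) + 1          # random plaintext in Z_P*
    c = pke_encrypt(pk, m)
    return c, H(b"TH", m, *c)

def kem_h_decaps(sk, c):
    m = pke_decrypt(sk, c)   # whatever decrypts is hashed with c; no rejection step
    return H(b"TH", m, *c)

# --- Transform 2: confirmation hash. Ciphertext = (c, tag) with tag = H(m). ---
def kem_ch_encaps(pk):
    m = secrets.randbelow(P - 1) + 1
    c = pke_encrypt(pk, m)
    return (c, H(b"CONF", m)), H(b"KEY", m)

def kem_ch_decaps(sk, ct):
    c, tag = ct
    m = pke_decrypt(sk, c)
    if not hmac.compare_digest(H(b"CONF", m), tag):
        return None              # explicit rejection: plaintext does not match the tag
    return H(b"KEY", m)

def demo():
    """Correctness of both KEMs, and behaviour on a modified ciphertext."""
    pk, sk = pke_keygen()

    c, k = kem_h_encaps(pk)
    agree_h = kem_h_decaps(sk, c) == k
    c1, c2 = c
    # Altering c2 changes the decrypted plaintext, hence the derived key
    differs_h = kem_h_decaps(sk, (c1, (c2 * 2) % P)) != k

    ct, k2 = kem_ch_encaps(pk)
    agree_ch = kem_ch_decaps(sk, ct) == k2
    (d1, d2), tag = ct
    rejected_ch = kem_ch_decaps(sk, ((d1, (d2 * 2) % P), tag)) is None

    return agree_h, differs_h, agree_ch, rejected_ch

if __name__ == "__main__":
    print(demo())   # expected: (True, True, True, True)
```

The hash-of-plaintext-and-ciphertext variant never rejects: any ciphertext decapsulates to some key, and a modified ciphertext simply yields an unrelated one. The confirmation-hash variant rejects explicitly when the recovered plaintext does not match the tag. In both, decapsulation is a single PKE decryption followed by hashing, with no re-encryption check.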

Metadata

Available format(s): PDF
Publication info: Preprint. MINOR revision.
Contact author(s): lois huguenin-dumittan @ epfl ch, serge vaudenay @ epfl ch
History:
  2022-12-16: last of 2 revisions
  2021-06-21: received
Short URL: https://ia.cr/2021/844
License: Creative Commons Attribution (CC BY)