Paper 2022/1230

Group Action Key Encapsulation and Non-Interactive Key Exchange in the QROM

Julien Duman, Ruhr University Bochum
Dominik Hartmann, Ruhr University Bochum
Eike Kiltz, Ruhr University Bochum
Sabrina Kunzweiler, Ruhr University Bochum
Jonas Lehmann, Ruhr University Bochum
Doreen Riepel, Ruhr University Bochum

In the context of quantum-resistant cryptography, cryptographic group actions offer an abstraction of isogeny-based cryptography in the Commutative Supersingular Isogeny Diffie-Hellman (CSIDH) setting. In this work, we revisit the security of two previously proposed natural protocols: the Group Action Hashed ElGamal key encapsulation mechanism (GA-HEG KEM) and the Group Action Hashed Diffie-Hellman non-interactive key-exchange (GA-HDH NIKE) protocol. The latter protocol has already been considered to be used in practical protocols such as Post-Quantum WireGuard (S&P '21) and OPTLS (CCS '20). We prove that active security of the two protocols in the Quantum Random Oracle Model (QROM) inherently relies on very strong variants of the Group Action Strong CDH problem, where the adversary is given arbitrary quantum access to a DDH oracle. That is, quantum accessible Strong CDH assumptions are not only sufficient but also necessary to prove active security of the GA-HEG KEM and the GA-HDH NIKE protocols. Furthermore, we propose variants of the protocols with QROM security from the classical Strong CDH assumption, i.e., CDH with classical access to the DDH oracle. Our first variant uses key confirmation and can therefore only be applied in the KEM setting. Our second but considerably less efficient variant is based on the twinning technique by Cash et al. (EUROCRYPT '08) and in particular yields the first actively secure isogeny-based NIKE with QROM security from the standard CDH assumption.

Available format(s)
Public-key cryptography
Publication info
A major revision of an IACR publication in ASIACRYPT 2022
Group actions CSIDH Hashed ElGamal NIKE QROM twinning
Contact author(s)
julien duman @ rub de
dominik hartmann @ rub de
eike kiltz @ rub de
sabrina kunzweiler @ rub de
jonas lehmann-c6j @ rub de
doreen riepel @ rub de
2022-09-19: approved
2022-09-16: received
See all versions
Short URL
Creative Commons Attribution


      author = {Julien Duman and Dominik Hartmann and Eike Kiltz and Sabrina Kunzweiler and Jonas Lehmann and Doreen Riepel},
      title = {Group Action Key Encapsulation and Non-Interactive Key Exchange in the QROM},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1230},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.