Paper 2023/792
On the Fujisaki-Okamoto transform: from Classical CCA Security to Quantum CCA Security
Abstract
The Fujisaki-Okamoto (\textsf{FO}) transformation (CRYPTO 1999 and Journal of Cryptology 2013) and its KEM variants (TCC 2017) are used to construct \textsf{IND-CCA}-secure PKE or KEM schemes in the random oracle model (ROM).
In the post-quantum setting, the ROM is extended to the quantum random oracle model (QROM), and the \textsf{IND-CCA} security of the \textsf{FO} transformation and its KEM variants in the QROM has been extensively analyzed. Grubbs et al. (EUROCRYPT 2021) and Xagawa (EUROCRYPT 2022) then focused on security properties other than \textsf{IND-CCA} security, such as the anonymity against chosen-ciphertext attacks (\textsf{ANO-CCA}) of the \textsf{FO} transformation in the QROM.
Beyond the post-quantum setting, Boneh and Zhandry (CRYPTO 2013) considered quantum adversaries that can perform quantum chosen-ciphertext attacks (\textsf{qCCA}). However, to the best of our knowledge, there are few results on the \textsf{IND-qCCA} or \textsf{ANO-qCCA} security of the \textsf{FO} transformation and its KEM variants in the QROM.
In this paper, we define a class of security games called the oracle-hiding game, and provide a lifting theorem for it. This theorem lifts the security reduction of oracle-hiding games in the ROM to that in the QROM.
With this theorem, we prove the \textsf{IND-qCCA} and \textsf{ANO-qCCA} security of transformation
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Preprint.
- Keywords
- quantum chosen-ciphertext attacks, quantum random oracle model, anonymity, Fujisaki-Okamoto transformation
- Contact author(s)
-
gejiangxia @ iie ac cn
shantianshu @ iie ac cn
xuerui @ iie ac cn
- History
- 2023-06-06: approved
- 2023-05-30: received
- Short URL
- https://ia.cr/2023/792
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/792,
  author = {Jiangxia Ge and Tianshu Shan and Rui Xue},
  title = {On the Fujisaki-Okamoto transform: from Classical {CCA} Security to Quantum {CCA} Security},
  howpublished = {Cryptology {ePrint} Archive, Paper 2023/792},
  year = {2023},
  url = {https://eprint.iacr.org/2023/792}
}