Paper 2023/792

On the Fujisaki-Okamoto transform: from Classical CCA Security to Quantum CCA Security

Jiangxia Ge, State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China, School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Tianshu Shan, State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China, School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Rui Xue, State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China, School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Abstract

The Fujisaki-Okamoto (\textsf{FO}) transformation (CRYPTO 1999 and Journal of Cryptology 2013) and its KEM variants (TCC 2017) are used to construct \textsf{IND-CCA}-secure PKE or KEM schemes in the random oracle model (ROM). In the post-quantum setting, the ROM is extended to the quantum random oracle model (QROM), and the \textsf{IND-CCA} security of the \textsf{FO} transformation and its KEM variants in the QROM has been extensively analyzed. Grubbs et al. (EUROCRYPT 2021) and Xagawa (EUROCRYPT 2022) then focused on security properties other than \textsf{IND-CCA} security, such as the anonymity against chosen-ciphertext attacks (\textsf{ANO-CCA}) of the \textsf{FO} transformation in the QROM. Beyond the post-quantum setting, Boneh and Zhandry (CRYPTO 2013) considered quantum adversaries that can perform quantum chosen-ciphertext attacks (\textsf{qCCA}). However, to the best of our knowledge, there are few results on the \textsf{IND-qCCA} or \textsf{ANO-qCCA} security of the \textsf{FO} transformation and its KEM variants in the QROM. In this paper, we define a class of security games called oracle-hiding games and provide a lifting theorem for them. This theorem lifts the security reduction of oracle-hiding games in the ROM to one in the QROM. With this theorem, we prove the \textsf{IND-qCCA} and \textsf{ANO-qCCA} security of the transformations $\textsf{FO}^{\slashed{\bot}}$, $\textsf{FO}^{\bot}$, $\textsf{FO}_m^{\slashed{\bot}}$ and $\textsf{FO}_m^\bot$, which are KEM variants of \textsf{FO}, in the QROM. Moreover, we prove the \textsf{ANO-qCCA} security of the hybrid PKE schemes built via the KEM-DEM paradigm, where the underlying KEM schemes are obtained from $\textsf{FO}^{\slashed{\bot}}$, $\textsf{FO}^{\bot}$, $\textsf{FO}_m^{\slashed{\bot}}$ and $\textsf{FO}_m^\bot$. Notably, for those hybrid PKE schemes, our security reduction shows that their anonymity is independent of the security of their underlying DEM schemes. Hence, our result simplifies the anonymity analysis of hybrid PKE schemes obtained from the \textsf{FO} transformation.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
quantum chosen-ciphertext attacks, quantum random oracle model, anonymity, Fujisaki-Okamoto transformation
Contact author(s)
gejiangxia@iie.ac.cn
shantianshu@iie.ac.cn
xuerui@iie.ac.cn
History
2023-06-06: approved
2023-05-30: received
Short URL
https://ia.cr/2023/792
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/792,
      author = {Jiangxia Ge and Tianshu Shan and Rui Xue},
      title = {On the Fujisaki-Okamoto transform: from Classical CCA Security to Quantum CCA Security},
      howpublished = {Cryptology ePrint Archive, Paper 2023/792},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/792}},
      url = {https://eprint.iacr.org/2023/792}
}