Paper 2025/062
Treating dishonest ciphertexts in post-quantum KEMs -- explicit vs. implicit rejection in the FO transform
Abstract
We revisit a basic building block in the endeavor to migrate to post-quantum secure cryptography, Key Encapsulation Mechanisms (KEMs). KEMs enable the establishment of a shared secret key, using only public communication. When targeting chosen-ciphertext security against quantum attackers, the go-to method is to design a Public-Key Encryption (PKE) scheme and then apply a variant of the PKE-to-KEM conversion known as the Fujisaki-Okamoto (FO) transform, which we revisit in this work. Intuitively, FO ensures chosen-ciphertext security by rejecting dishonest messages. This comes in two flavors -- the KEM could reject by returning 'explicit' failure symbol
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. PQCrypto 2025
- Keywords
- Post-quantumPublic-key encryptionKey EncapsulationFujisaki-Okamoto transformQROMNIST
- Contact author(s)
-
kathrin @ hoevelmanns net
mishel kudinov @ gmail com - History
- 2025-01-16: approved
- 2025-01-15: received
- See all versions
- Short URL
- https://ia.cr/2025/062
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2025/062, author = {Kathrin Hövelmanns and Mikhail Kudinov}, title = {Treating dishonest ciphertexts in post-quantum {KEMs} -- explicit vs. implicit rejection in the {FO} transform}, howpublished = {Cryptology {ePrint} Archive, Paper 2025/062}, year = {2025}, url = {https://eprint.iacr.org/2025/062} }