Paper 2025/299

(Un)breakable curses - re-encryption in the Fujisaki-Okamoto transform

Kathrin Hövelmanns, Eindhoven University of Technology
Andreas Hülsing, Eindhoven University of Technology, SandboxAQ
Christian Majenz, Technical University of Denmark
Fabrizio Sisinni, Technical University of Denmark
Abstract

The Fujisaki-Okamoto transform (FO) is the go-to method for achieving chosen-ciphertext (CCA) security for post-quantum key encapsulation mechanisms (KEMs). An important step in FO is augmenting the decryption/decapsulation algorithm with a re-encryption step: the decrypted message is re-encrypted to check whether the correct encryption randomness was used. While solving a security problem (ciphertext malleability), re-encryption has turned out to introduce side-channel vulnerabilities and is computationally expensive, which has led designers to search for alternatives. In this work, we perform a comprehensive study of such alternatives. We formalize a central security property, computational rigidity, and show that it is sufficient for obtaining CCA security. We present a framework for analyzing algorithms that can replace re-encryption and still achieve rigidity, and analyze existing proposals in this framework. Along the way, we pick up a novel QROM security statement for explicitly rejecting KEMs based on deterministic PKE schemes, something that so far was only possible when requiring a hard-to-ensure quantum property for the base PKE scheme.
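The re-encryption check the abstract describes, as an added illustration that is not code from the paper: a minimal FO-style KEM wrapper around a constructed toy base PKE. The toy PKE (where, for brevity, pk and sk are the same secret; it provides no security and only exists so the wrapper has something deterministic to re-encrypt), the hash functions G and H, the parameter N, and all function names are assumptions of this example. It shows both rejection styles (explicit with ⊥, implicit with a pseudorandom key), contrasts them with a decapsulation that skips the check, and exposes rigidity (Enc(pk, Dec(sk, c); G(Dec(sk, c))) = c) as a predicate on a ciphertext.

```python
import hashlib
import os

N = 32  # byte length of messages, randomness and keys (constructed toy parameter)


def _hash(domain: bytes, *parts: bytes) -> bytes:
    """Domain-separated SHA-256, standing in for the random oracles G and H."""
    h = hashlib.sha256(domain)
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- Toy base PKE (constructed stand-in; NOT secure, pk == sk) ---------------
def toy_keygen():
    k = os.urandom(N)
    return k, k  # (pk, sk)


def toy_enc(pk: bytes, m: bytes, r: bytes) -> bytes:
    """Deterministic in (m, r): r masked by the key, m masked by a hash of r."""
    return _xor(r, pk) + _xor(m, _hash(b"mask", r))


def toy_dec(sk: bytes, c: bytes) -> bytes:
    """Always returns some message, even for malformed c (no integrity on its own)."""
    r = _xor(c[:N], sk)
    return _xor(c[N:], _hash(b"mask", r))


# --- FO-style KEM on top of the toy PKE -------------------------------------
def G(m: bytes) -> bytes:
    return _hash(b"G", m)  # encryption randomness derived from the message


def H(m: bytes, c: bytes) -> bytes:
    return _hash(b"H", m, c)  # session key


def fo_encaps(pk: bytes):
    m = os.urandom(N)
    c = toy_enc(pk, m, G(m))
    return c, H(m, c)


def is_rigid(sk: bytes, pk: bytes, c: bytes) -> bool:
    """Rigidity of c: decrypting and re-encrypting with derived randomness gives c back."""
    m = toy_dec(sk, c)
    return toy_enc(pk, m, G(m)) == c


def fo_decaps_explicit(sk: bytes, pk: bytes, c: bytes):
    """Explicit rejection: return None (⊥) when the re-encryption check fails."""
    m = toy_dec(sk, c)
    if toy_enc(pk, m, G(m)) != c:  # the re-encryption step
        return None
    return H(m, c)


def fo_decaps_implicit(sk: bytes, pk: bytes, s: bytes, c: bytes) -> bytes:
    """Implicit rejection: on failure return a pseudorandom key bound to a secret seed s."""
    m = toy_dec(sk, c)
    if toy_enc(pk, m, G(m)) != c:
        return _hash(b"reject", s, c)
    return H(m, c)


def decaps_no_check(sk: bytes, pk: bytes, c: bytes) -> bytes:
    """What decapsulation looks like without re-encryption: every c yields a key."""
    return H(toy_dec(sk, c), c)


def flip_bit(c: bytes, index: int) -> bytes:
    """Constructed malformed ciphertext: one bit flipped at byte `index`."""
    b = bytearray(c)
    b[index] ^= 1
    return bytes(b)


if __name__ == "__main__":
    pk, sk = toy_keygen()
    seed = os.urandom(N)
    c, k = fo_encaps(pk)
    bad = flip_bit(c, 0)
    print("honest ciphertext rigid:", is_rigid(sk, pk, c))
    print("tampered ciphertext rigid:", is_rigid(sk, pk, bad))
    print("explicit decaps of tampered c:", fo_decaps_explicit(sk, pk, bad))
    print("implicit decaps matches honest key:", fo_decaps_implicit(sk, pk, seed, bad) == k)
    print("no-check decaps still returns a key:", decaps_no_check(sk, pk, bad) is not None)
```

The two rejecting variants agree on which ciphertexts they accept; they differ only in how the failure is surfaced, which is exactly where side channels on the comparison matter. The `decaps_no_check` variant shows the gap the check closes: the base PKE happily decrypts any byte string, so without rigidity a modified ciphertext is mapped to a well-defined key.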

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
Public-key encryption, post-quantum security, QROM, Fujisaki-Okamoto transformation, re-encryption, side-channel attacks
Contact author(s)
kathrin @ hoevelmanns net
andreas @ huelsing net
chmaj @ dtu dk
fasi @ dtu dk
History
2025-02-21: approved
2025-02-20: received
Short URL
https://ia.cr/2025/299
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/299,
      author = {Kathrin Hövelmanns and Andreas Hülsing and Christian Majenz and Fabrizio Sisinni},
      title = {(Un)breakable curses - re-encryption in the Fujisaki-Okamoto transform},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/299},
      year = {2025},
      url = {https://eprint.iacr.org/2025/299}
}