Tighter Proofs of CCA Security in the Quantum Random Oracle Model

Bindel, Nina; Hamburg, Mike; Hövelmanns, Kathrin; Hülsing, Andreas; Persichetti, Edoardo

doi:10.1007/978-3-030-36033-7_3

Cited by 52 publications

(30 citation statements)

References 17 publications

(19 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We can axiomatize O2H results in a similar way to what was done for semi-constant and small-range distributions, as long as these results are used to hop between games whose code does not perform measurements. Indeed, we could formalize variant (1) of the O2H theorem in [1] even though it relies on a semi-classical oracle, by using that form stated in [13]: since the semi-classical oracle is only used to define an event that is used to bound the distance between the two games, we can state the axiom by moving the measurement step inside the adversary and redefining that event over the adversary's output. However, formalizing proofs that explicitly manipulate semi-classical oracles would require extending the tool to allow capturing the measurement operation.…”

Section: Other Proof Techniques For Qrommentioning

confidence: 99%

“…For instance in [1], the notion of a semiclassical oracle is introduced, where an event that determines the security bound is defined based on a measurement. We can capture such bounds in our system whenever they can be recast by moving the final measurement step in reduction to the adversaries and quantifying existentially over adversaries, as described in [13]. We provide more details in Section 8.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

EasyPQC: Verifying Post-Quantum Cryptography

Barbosa

Barthe

Fan³

et al. 2021

Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

EasyCrypt is a formal verification tool used extensively for formalizing concrete security proofs of cryptographic constructions. However, the EasyCrypt formal logics consider only classical attackers, which means that post-quantum security proofs cannot be formalized and machine-checked with this tool. In this paper we prove that a natural extension of the EasyCrypt core logics permits capturing a wide class of post-quantum cryptography proofs, settling a question raised by (Unruh, POPL 2019). Leveraging our positive result, we implement EasyPQC, an extension of EasyCrypt for post-quantum security proofs, and use EasyPQC to verify postquantum security of three classic constructions: PRF-based MAC, Full Domain Hash and GPV08 identity-based encryption.

show abstract

Section: Other Proof Techniques For Qrommentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

EasyPQC: Verifying Post-Quantum Cryptography

Barbosa

Barthe

Fan³

et al. 2021

Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…The FO transform (roughly) converts any IND-CPA secure PKE into an IND-CCA secure KEM. There are several variants of the FO transform and most of the variants are secure in the ROM [18,23,28,45] and/or QROM [15,28,[33][34][35][36]48,50,53]. The high-level construction is as follows: to encrypt, we sample a random message M M and derive randomness for the underlying encryption algorithm of the PKE by hashing M with a hash function G modeled as a (Q)RO.…”

Section: Our Contributions and Techniquesmentioning

confidence: 99%

“…Some schemes may require an upper bound on N since the concrete provably-secure parameters may have a dependance on N , e.g., the reduction loss degrades by a factor of 1/N . Our proposal does not require such an upper bound since N only shows up in a statistical manner, and so we can handle large N , say N = 2 15 , without having any large impact on the concrete parameter choice.…”

Section: Remark 3 (Number Of Recipients)mentioning

confidence: 99%

See 1 more Smart Citation

Scalable Ciphertext Compression Techniques for Post-quantum KEMs and Their Applications

Katsumata

Kwiatkowski²,

Pintore

et al. 2020

Advances in Cryptology – ASIACRYPT 2020

View full text Add to dashboard Cite

A multi-recipient key encapsulation mechanism, or mKEM, provides a scalable solution to securely communicating to a large group, and o↵ers savings in both bandwidth and computational cost compared to the trivial solution of communicating with each member individually. All prior works on mKEM are only limited to classical assumptions and, although some generic constructions are known, they all require specific properties that are not shared by most post-quantum schemes. In this work, we first provide a simple and e cient generic construction of mKEM that can be instantiated from versatile assumptions, including post-quantum ones. We then study these mKEM instantiations at a practical level using 8 post-quantum KEMs (which are lattice and isogeny-based NIST candidates), and CSIDH, and show that compared to the trivial solution, our mKEM o↵ers savings of at least one order of magnitude in the bandwidth, and make encryption time shorter by a factor ranging from 1.92 to 35. Additionally, we show that by combining mKEM with the TreeKEM protocol used by MLS -an IETF draft for secure group messaging -we obtain significant bandwidth savings.

show abstract

Public‐Key Encryption and Security Notions

Attrapadung

Matsuda

2022

Asymmetric Cryptography

View full text Add to dashboard Cite

Tighter Proofs of CCA Security in the Quantum Random Oracle Model

Cited by 52 publications

References 17 publications

EasyPQC: Verifying Post-Quantum Cryptography

EasyPQC: Verifying Post-Quantum Cryptography

Scalable Ciphertext Compression Techniques for Post-quantum KEMs and Their Applications

Public‐Key Encryption and Security Notions

Contact Info

Product

Resources

About