29 Hits in 6.9 sec

Tightly Secure PKE Combiner in the Quantum Random Oracle Model

Brian Goncalves, Atefeh Mashatan
2022 Cryptography  
Our construction is the only existing proposal in the literature with IND-CCA-security in the classical and quantum random oracle models, respectively.  ...  One method to ease the transition is the use of classical–quantum hybrid schemes, which provide security against both classical and quantum adversaries.  ...  In this work, we present a (mostly) generic construction of a (1, 2)robust combiner for PKEs that preserves IND-CCA-security in the random oracle model and in the quantum random oracle model, which we  ... 
doi:10.3390/cryptography6020015 fatcat:5q7mbzkpl5dldfgdkv4ueqlr2e

A Modular Analysis of the Fujisaki-Okamoto Transformation [chapter]

Dennis Hofheinz, Kathrin Hövelmanns, Eike Kiltz
2017 Lecture Notes in Computer Science  
We note that we also analyze our transformations in the quantum random oracle model, which yields security guarantees in a post-quantum setting.  ...  secure symmetric encryption scheme into a Hybrid encryption scheme that is (IND-CCA) secure in the random oracle model [7] .  ...  Acknowledgments We would like to thank Andreas Hülsing, Christian Schaffner, and Dominique Unruh for interesting discussions on the FO transformation in the QROM.  ... 
doi:10.1007/978-3-319-70500-2_12 fatcat:f4m4fpehxfcxvbpybz4zsy6qeq

Tightly Secure Ring-LWE Based Key Encapsulation with Short Ciphertexts [chapter]

Martin R. Albrecht, Emmanuela Orsini, Kenneth G. Paterson, Guy Peer, Nigel P. Smart
2017 Lecture Notes in Computer Science  
Our tight security proof is obtained by reducing to the security of the underlying Ring-LWE problem, avoiding an intermediate reduction to a CPA-secure encryption scheme.  ...  Such a tight reduction is not known for the generic construction.  ...  Acknowledgements This work has been supported in part by ERC Advanced Grant ERC-2015-AdG-IMPaCT, and by EPSRC via grants EP/N021940/1, EP/M012824, EP/M013472/1, EP/L018543/1 and EP/P009417/1.  ... 
doi:10.1007/978-3-319-66402-6_4 fatcat:aod4umhsy5clbft74jyjrub6ei

A Thorough Treatment of Highly-Efficient NTRU Instantiations [article]

Julien Duman, Kathrin Hövelmanns, Eike Kiltz, Vadim Lyubashevsky, Gregor Seiler, Dominique Unruh
2021 IACR Cryptology ePrint Archive  
Cryptography based on the hardness of lattice problems over polynomial rings currently provides the most practical solution for public key encryption in the quantum era.  ...  We provide several instantiations and transformations, with security given in the ROM and the QROM, that detach the decryption error from the message, thus eliminating the adversary's power to have any  ...  Eike Kiltz was supported by the BMBF iBlockchain project, the EU H2020 PROMETHEUS project 780701, and by the DFG under Germany's Excellence Strategy -EXC 2092 CASA -390781972.  ... 
dblp:journals/iacr/DumanHKLSU21 fatcat:tytlcdkgwbgmfhmaxoh7dyckae

Analysis of the FO Transformation in the Lattice-Based Post-Quantum Algorithms

Miguel Ángel González de la Torre, Luis Hernández Encinas, Araceli Queiruga-Dios
2022 Mathematics  
Newer variants of the Fujisaki–Okamoto transformation are used in most candidates of the third round of the NIST Post-Quantum Cryptography standardization call in the category of public key encryption  ...  Furthermore, there are five candidates (three finalists and two alternatives) that passed to the third round of the process and whose security is based in lattice problems.  ...  Acknowledgments: We kindly acknowledge the help provided by the reviewers' suggestions, which have contributed to an improved quality of the present work.  ... 
doi:10.3390/math10162967 fatcat:k3fojbtohnhwbbnvm6wuzk6elq

URDP: General Framework for Direct CCA2 Security from any Lattice-Based PKE Scheme [article]

Roohallah Rastaghi
2013 arXiv   pre-print
IND-CCA2 security of this scheme can be tightly reduced in the standard model to the assumption that the underlying primitive is an one-way trapdoor function.  ...  hardness problems in (ideal) lattice in the standard model, resolving a problem that has remained open till date.  ...  We showed that this scheme has extra advantages, namely, its IND-CCA security remains tightly related (in the standard model) to the worst-case hardness problems in lattice.  ... 
arXiv:1302.6352v2 fatcat:e4k3nyenjfa6pd7crppaqflcf4

Lattice-based Key Sharing Schemes - A Survey [article]

Prasanna Ravi, James Howe, Anupam Chattopadhyay, Shivam Bhasin
2020 IACR Cryptology ePrint Archive  
Sensing the imminent threat from continued advances in quantum computing, NIST has recently initiated a global level standardization process for quantum resistant public-key cryptographic primitives such  ...  However, most if not all of it is predominantly built upon hardness guarantees of number theoretic problems that can be broken by large scale quantum computers in the future.  ...  While its classical variant (secure in the classical random oracle model (ROM)) utilizes two random oracles (H, G), its post-quantum variant [164] requires three oracles to guarantee post-quantum security  ... 
dblp:journals/iacr/RaviHCB20 fatcat:gwfp7xfzbbgxnldzbngfc4ru7q

Post-Quantum Authenticated Encryption against Chosen-Ciphertext Side-Channel Attacks

Melissa Azouaoui, Yulia Kuzovkova, Tobias Schneider, Christine Van Vredendaal
2022 Transactions on Cryptographic Hardware and Embedded Systems  
model.  ...  These powerful attacks target the re-encryption step in the Fujisaki-Okamoto (FO) transform, which is commonly used to achieve CCA security in such schemes.  ...  The authors would like to thank the reviewers for their helpful comments and for pointing out the SUIT protocol.  ... 
doi:10.46586/tches.v2022.i4.372-396 fatcat:o7ioi4ockvb5ne5mzepcrroz3a

Tighter Security Proofs for GPV-IBE in the Quantum Random Oracle Model [chapter]

Shuichi Katsumata, Shota Yamada, Takashi Yamakawa
2018 Advances in Industrial Control  
Since their proof was only made in the random oracle model (ROM) instead of the quantum random oracle model (QROM), it remained unclear whether the scheme was truly post-quantum or not.  ...  in one random oracle query.  ...  Quantum random oracle model. Boneh et al. [BDF + 11] introduced the quantum random oracle model (QROM), which is an extension of the usual random oracle model to the quantum setting.  ... 
doi:10.1007/978-3-030-03329-3_9 fatcat:eu7pme6fs5a3hilprgkdl7pory

Round2: KEM and PKE based on GLWR [article]

Hayo Baan, Sauvik Bhattacharya, Óscar García-Morchón, Ronald Rietman, Ludo Tolhuizen, Jose Luis Torre-Arce, Zhenfei Zhang
2017 IACR Cryptology ePrint Archive  
Cryptographic primitives that are secure against quantum computing are receiving growing attention with recent, steady advances in quantum computing and standardization initiatives in post-quantum cryptography  ...  Lattice-based cryptography is one of the families in post-quantum cryptography, demonstrating desirable features such as well-understood security, efficient performance, and versatility.  ...  Direct application of [26, Theorem 4.6] , similarly as in [16, Theorem 4.2 ], shows that CCA-KEM is IND-CCA secure in the quantum random oracle model.  ... 
dblp:journals/iacr/BaanBGRTTZ17 fatcat:66nz47rubnfx3lt55a3owiatpq

Assessment of the Key-Reuse Resilience of NewHope [chapter]

Aurélie Bauer, Henri Gilbert, Guénaël Renault, Mélissa Rossi
2019 Lecture Notes in Computer Science  
In this paper, we study the security of NewHope when an active adversary accesses a key establishment and is given access to an oracle, called key mismatch oracle, which indicates whether her guess of  ...  This attack model turns out to be relevant in key reuse situations since an attacker may then be able to access such an oracle repeatedly with the same key -either directly or using faults or side channels  ...  The NIST call specifically asks for quantum resistant KEM proposals in order to replace number theory based Diffie-Hellman key establishment protocols, which can be broken in the quantum computation model  ... 
doi:10.1007/978-3-030-12612-4_14 fatcat:er47wsrnozeodbulezbbwd5lp4

Understanding and Constructing AKE via Double-Key Key Encapsulation Mechanism [chapter]

Haiyang Xue, Xianhui Lu, Bao Li, Bei Liang, Jingnan He
2018 Advances in Industrial Control  
Then, we show 1) how to construct 2-key KEM from concrete assumptions, 2) how to adapt the classical Fujisaki-Okamoto transformation and KEM combiner to achieve the security requirement of 2-key KEM, 3  ...  To see the usefulness of 2-key KEM, we show how several existing constructions of AKE can be captured as 2-key KEM and understood in a unified framework, including widely used HMQV, NAXOS, Okamoto-AKE,  ...  Acknowledgment We thank David Pointcheval for advice on improving the presentation, Daode Zhang and Huige Wang for pointing out some typos.  ... 
doi:10.1007/978-3-030-03329-3_6 fatcat:xwvbsvwdc5ejppz6l5fnxibxpm

Compact and Efficient NTRU-based KEM with Scalable Ciphertext Compression [article]

Zhichuang Liang, Boyue Fang, Jieyu Zheng, Yunlei Zhao
2022 arXiv   pre-print
The NTRU lattice is a promising candidate to construct practical cryptosystems resistant to quantum computing attacks, and particularly plays a leading role in the ongoing NIST post-quantum cryptography  ...  When compared to the NIST Round 3 finalist NTRU-HRSS, our CTRU-768 has 15% smaller ciphertext size and its security is strengthened by (45,40) bits for classical and quantum security respectively.  ...  ROM) [15] and quantum random oracle model (QROM) [25] .  ... 
arXiv:2205.05413v1 fatcat:h7lage463venfb4otqu3t26the

Comparing proofs of security for lattice-based encryption [article]

Daniel J. Bernstein
2019 IACR Cryptology ePrint Archive  
This paper describes the limits of various "security proofs", using 36 lattice-based KEMs as case studies.  ...  This description allows the limits to be systematically compared across these KEMs; shows that some previous claims are incorrect; and provides an explicit framework for thorough security reviews of these  ...  At the very minimum, one should issue a fierce warning that security in the Random Oracle Model does not provide any indication towards security in the standard model.  ... 
dblp:journals/iacr/Bernstein19a fatcat:ndzucnhcg5byjfks7vq3vl3ham

All-But-Many Lossy Trapdoor Functions from Lattices and Applications [chapter]

Xavier Boyen, Qinyi Li
2017 Lecture Notes in Computer Science  
Our second result is a public-key system tightly secure against "selective opening" attacks, where an attacker gets many challenges and can ask to see the random bits of any of them.  ...  Meanwhile, this result provides an alternative solution to the problem of building pairing-free IND-CCA2 PKE schemes with tight security in the multi-challenge setting, which was firstly answered by Gay  ...  Acknowledgement We thank Benoît Libert and Damien Stehlé and the anonymous reviewers for useful comments.  ... 
doi:10.1007/978-3-319-63697-9_11 fatcat:pmo3lrzhznfe7nftg5qgrj3nhm
« Previous Showing results 1 — 15 out of 29 results