
IND-CCA Security of Kyber in the Quantum Random Oracle Model, Revisited

Conference paper
Information Security and Cryptology (Inscrypt 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13837)

Abstract

In this paper, we answer the open question raised by Grubbs et al. (EUROCRYPT 2022) and Xagawa (EUROCRYPT 2022), namely a \(\textit{concrete}\) \(\textsf{IND}\)-\(\textsf{CCA}\) security proof of \(\textsf{Kyber}\). To add robustness, \(\textsf{Kyber}\) uses a slightly tweaked Fujisaki-Okamoto (FO) transformation: it generates the final key with a “double-nested hash”. This invalidates the techniques that Jiang et al. (CRYPTO 2018) use to prove the standard FO transformation. We therefore develop a novel approach to overcome these difficulties, and prove that \(\textsf{Kyber}\) is \(\textsf{IND}\)-\(\textsf{CCA}\) secure in the quantum random oracle model (QROM) if the underlying encryption scheme is \(\textsf{IND}\)-\(\textsf{CPA}\) secure. Our result provides a solid quantum security guarantee for \(\textsf{Kyber}\), the algorithm selected as a post-quantum cryptography standard in the NIST competition.


Notes

  1. The standard FO-KEMs include \(\textsf{FO}^{\not \bot }\), \(\textsf{FO}_{m}^{\not \bot }\), \(\textsf{FO}^{\bot }\) and \(\textsf{FO}_{m}^{\bot }\) [11], where the subscript m (its absence) means \(K:=\textsf{H}(m)\) (\(K:=\textsf{H}(m,c)\)).

  2. \(\mathsf {H'} \circ g \circ \textsf{G}^{-1}_{1}(\cdot )\) is not even a function.

  3. The set \(\mathcal {S}\) must satisfy public verifiability, i.e., given any input A, there is a polynomial-time algorithm that can efficiently check whether A belongs to \(\mathcal {S}\).

  4. For any fixed \(\left( pk,sk \right) \), we say that a ciphertext c is valid if \(c=\textsf{Enc}\left( pk,m;\textsf{G}(m) \right) \), where \(m:=\textsf{Dec}\left( sk,c \right) \), and invalid otherwise.

  5. In \(\textsf{FO}^{\not \bot }\), \(\mathcal {E}(m,c)\) directly outputs c.

  6. We say that \(\mathcal {A}\) is a q-query oracle algorithm [2] if it performs at most q oracle queries.

  7. In [10, 14, 15], the correctness bound is \({q}_{\textsf{G}}\sqrt{\delta }\), and ours is \(q_{\textsf{G}}^{2}\delta \).

  8. \(\textsf{Kyber}\) requires the underlying PKE scheme to be \(\textsf{IND}\)-\(\textsf{CPA}\) secure.
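As an added illustration (not code from the paper), the toy Python below shows the mechanics that notes 1, 4 and 5 refer to: FO-style encapsulation, the re-encryption validity check of note 4, and implicit rejection as in \(\textsf{FO}^{\not \bot }\). The final key is derived Kyber-style as KDF(K̄ || H(c)) with (K̄, r) := G(m || H(pk)), the round-3 Kyber derivation behind the abstract's "double-nested hash", rather than the standard FO key H(m, c) of note 1. The underlying PKE is an insecure placeholder (an assumption of this example) whose only relevant property is that Enc(pk, m; r) is deterministic in (pk, m, r).

```python
import hashlib
import hmac
import os

# Hash functions of the transform, modelled as random oracles in the paper.
def H(*parts):
    return hashlib.sha3_256(b"".join(parts)).digest()
def G(*parts):                     # (K_bar, r) := G(m || H(pk))
    d = hashlib.sha3_512(b"".join(parts)).digest()
    return d[:32], d[32:]
def KDF(*parts):                   # outer hash of the double-nested key derivation
    return hashlib.shake_256(b"".join(parts)).digest(32)

# Placeholder PKE (assumption: NOT secure, sk == pk). Its only relevant property is
# that Enc(pk, m; r) is deterministic, so decapsulation can re-encrypt and compare.
def pke_enc(pk, m, r):
    pad = hashlib.shake_256(pk + r).digest(len(m))
    return r + bytes(a ^ b for a, b in zip(m, pad))

def pke_dec(sk, c):
    r, body = c[:32], c[32:]
    pad = hashlib.shake_256(sk + r).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

def kem_keygen():
    sk_pke = pk = os.urandom(32)   # placeholder PKE key pair (sk == pk)
    z = os.urandom(32)             # secret seed used only for implicit rejection
    return pk, (sk_pke, pk, H(pk), z)

def kem_encaps(pk, m=None):
    m = m if m is not None else os.urandom(32)
    k_bar, r = G(m, H(pk))         # inner hash: randomness and pre-key from m
    c = pke_enc(pk, m, r)
    return c, KDF(k_bar, H(c))     # outer hash binds the key to the ciphertext

def _decrypt_and_reencrypt(sk, c):
    sk_pke, pk, hpk, _ = sk
    m = pke_dec(sk_pke, c)
    k_bar, r = G(m, hpk)
    return k_bar, pke_enc(pk, m, r)

def is_valid(sk, c):               # note 4: c == Enc(pk, m; G(m)) for m := Dec(sk, c)
    return hmac.compare_digest(_decrypt_and_reencrypt(sk, c)[1], c)

def kem_decaps(sk, c):
    k_bar, c2 = _decrypt_and_reencrypt(sk, c)
    if hmac.compare_digest(c2, c):
        return KDF(k_bar, H(c))
    return KDF(sk[3], H(c))        # FO^{not-bot}: implicit rejection with secret z
```

An invalid ciphertext yields a pseudorandom key derived from z rather than an error, so the decapsulation oracle gives no validity signal, which is what the implicit-rejection analysis in the paper relies on.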

References

  1. Abdalla, M., Bellare, M., Neven, G.: Robust encryption. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 480–497. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11799-2_28

  2. Ambainis, A., Hamburg, M., Unruh, D.: Quantum security proofs using semi-classical oracles. IACR Cryptology ePrint Archive, vol. 2018, p. 904 (2018). https://eprint.iacr.org/2018/904

  3. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: CCS’93, Fairfax, Virginia, USA, November 1993, pp. 62–73 (1993). https://doi.org/10.1145/168588.168596

  4. Bindel, N., Hamburg, M., Hövelmanns, K., Hülsing, A., Persichetti, E.: Tighter proofs of CCA security in the quantum random oracle model. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019. LNCS, vol. 11892, pp. 61–90. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36033-7_3

  5. Boneh, D., Dagdelen, Ö., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41–69. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_3

  6. Duman, J., Hövelmanns, K., Kiltz, E., Lyubashevsky, V., Seiler, G.: Faster lattice-based KEMs via a generic Fujisaki-Okamoto transform using prefix hashing. In: Kim, Y., Kim, J., Vigna, G., Shi, E. (eds.) CCS’21, pp. 2722–2737. ACM (2021). https://doi.org/10.1145/3460120.3484819

  7. Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_34

  8. Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. J. Cryptol. 26(1), 80–101 (2011). https://doi.org/10.1007/s00145-011-9114-1

  9. Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Miller, G.L. (ed.) The 28th Annual ACM Symposium on the Theory of Computing, pp. 212–219. ACM (1996). https://doi.org/10.1145/237814.237866

  10. Grubbs, P., Maram, V., Paterson, K.G.: Anonymous, robust post-quantum public key encryption. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022. LNCS, vol. 13277. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-07082-2_15

  11. Hofheinz, D., Hövelmanns, K., Kiltz, E.: A modular analysis of the Fujisaki-Okamoto transformation. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 341–371. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_12

  12. Hosoyamada, A., Iwata, T.: 4-round Luby-Rackoff construction is a qPRP. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11921, pp. 145–174. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34578-5_6

  13. Hövelmanns, K., Kiltz, E., Schäge, S., Unruh, D.: Generic authenticated key exchange in the quantum random oracle model. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12111, pp. 389–422. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45388-6_14

  14. Jiang, H., Zhang, Z., Chen, L., Wang, H., Ma, Z.: IND-CCA-secure key encapsulation mechanism in the quantum random oracle model, revisited. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 96–125. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_4

  15. Jiang, H., Zhang, Z., Ma, Z.: Tighter security proofs for generic key encapsulation mechanism in the quantum random oracle model. In: Ding, J., Steinwandt, R. (eds.) PQCrypto 2019. LNCS, vol. 11505, pp. 227–248. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25510-7_13

  16. Kuchta, V., Sakzad, A., Stehlé, D., Steinfeld, R., Sun, S.-F.: Measure-rewind-measure: tighter quantum random oracle model proofs for one-way to hiding and CCA security. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 703–728. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_24

  17. NIST: National Institute of Standards and Technology, Post-Quantum Cryptography project (2021). https://csrc.nist.gov/Projects/Post-Quantum-Cryptography

  18. Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_35

  19. Saito, T., Xagawa, K., Yamakawa, T.: Tightly-secure key-encapsulation mechanism in the quantum random oracle model. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 520–551. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_17

  20. Schwabe, P., et al.: CRYSTALS-Kyber. Technical report, National Institute of Standards and Technology (2020). https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022

  21. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997). https://doi.org/10.1137/S0097539795293172

  22. Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. IACR Cryptology ePrint Archive, p. 332 (2004). http://eprint.iacr.org/2004/332

  23. Targhi, E.E., Unruh, D.: Post-quantum security of the Fujisaki-Okamoto and OAEP transforms. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 192–216. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_8

  24. Unruh, D.: Revocable quantum timed-release encryption. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 129–146. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_8

  25. Xagawa, K.: Anonymity of NIST PQC round 3 KEMs. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022. LNCS, vol. 13277, pp. 551–581. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-07082-2_20

  26. Zhandry, M.: Secure identity-based encryption in the quantum random oracle model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 758–775. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_44

  27. Zhandry, M.: A note on the quantum collision and set equality problems. Quantum Inf. Comput. 15, 557–567 (2015). https://doi.org/10.26421/QIC15.7-8-2

  28. Zhandry, M.: How to record quantum queries, and applications to quantum indifferentiability. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 239–268. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26951-7_9


Acknowledgments

We thank the anonymous Inscrypt 2022 reviewers for their valuable comments and suggestions. This work was supported by the National Natural Science Foundation of China (Grant Nos. 61972391, 62272455).

Author information

Corresponding author

Correspondence to Xianhui Lu.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Chen, Z., Lu, X., Jia, D., Li, B. (2023). IND-CCA Security of Kyber in the Quantum Random Oracle Model, Revisited. In: Deng, Y., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2022. Lecture Notes in Computer Science, vol 13837. Springer, Cham. https://doi.org/10.1007/978-3-031-26553-2_8


  • DOI: https://doi.org/10.1007/978-3-031-26553-2_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-26552-5

  • Online ISBN: 978-3-031-26553-2
