We revisit the construction of IND-CCA secure key encapsulation mechanisms (KEM) from public-key encryption schemes (PKE). We give new, tighter security reductions for several constructions. Our main result is a tight reduction for the security of the U 6⊥-transform of Hofheinz, H¨ovelmanns, and Kiltz (TCC’17) which turns OW-CPA secure deterministic PKEs into IND-CCA secure KEMs. This result is enabled by a new one-way to hiding (O2H) lemma which gives a tighter bound than previous O2H lemmas in certain settings and might be of independent interest. We extend this result also to the case of PKEs with non-zero decryption failure probability, partially non-injective PKEs, and non-deterministic PKEs. In addition, we analyze the impact of diffe...
The development of increasingly sophisticated quantum computers poses a long-term threat to current ...
Bounded IND-CCA security (IND-qCCA) is a notion similar to the traditional IND-CCA security, except ...
Abstract. Assuming the existence of an indistinguishability obfuscator (iO), we show that a number o...
We revisit the construction of IND-CCA secure key encapsulation mechanisms (KEM) from public-key enc...
We revisit the construction of IND-CCA secure key encapsulation mechanisms (KEM) from public-key enc...
Key-encapsulation mechanisms secure against chosen ciphertext attacks (IND-CCA-secure KEMs) in the q...
With the gradual progress of NIST\u27s post-quantum cryptography standardization, the Round-1 KEM pr...
Abstract. While the hybrid public key encryption scheme of Kurosawa and Desmedt (CRYPTO 2004) is pro...
We propose a general construction for public key encryption schemes that are IND-CCA2 secure in the...
We provide a tight security proof for an IND-CCA Ring-LWE based Key Encapsulation Mechanism that is ...
Proxy re-encryption (PRE) is a highly useful cryptographic primitive whereby Alice and Bob can endow...
In the quantum random oracle model, despite intensive recent research efforts, we are still lacking ...
We formalize the notion of a constrained linear trapdoor as an abstract strategy for the generation ...
The One-Way to Hiding (O2H) Lemma is a central component of proofs of chosen-ciphertext attack (CCA)...
Abstract. We study simulation-based, selective opening security against chosen-ciphertext attacks (S...
The development of increasingly sophisticated quantum computers poses a long-term threat to current ...
Bounded IND-CCA security (IND-qCCA) is a notion similar to the traditional IND-CCA security, except ...
Abstract. Assuming the existence of an indistinguishability obfuscator (iO), we show that a number o...
We revisit the construction of IND-CCA secure key encapsulation mechanisms (KEM) from public-key enc...
We revisit the construction of IND-CCA secure key encapsulation mechanisms (KEM) from public-key enc...
Key-encapsulation mechanisms secure against chosen ciphertext attacks (IND-CCA-secure KEMs) in the q...
With the gradual progress of NIST\u27s post-quantum cryptography standardization, the Round-1 KEM pr...
Abstract. While the hybrid public key encryption scheme of Kurosawa and Desmedt (CRYPTO 2004) is pro...
We propose a general construction for public key encryption schemes that are IND-CCA2 secure in the...
We provide a tight security proof for an IND-CCA Ring-LWE based Key Encapsulation Mechanism that is ...
Proxy re-encryption (PRE) is a highly useful cryptographic primitive whereby Alice and Bob can endow...
In the quantum random oracle model, despite intensive recent research efforts, we are still lacking ...
We formalize the notion of a constrained linear trapdoor as an abstract strategy for the generation ...
The One-Way to Hiding (O2H) Lemma is a central component of proofs of chosen-ciphertext attack (CCA)...
Abstract. We study simulation-based, selective opening security against chosen-ciphertext attacks (S...
The development of increasingly sophisticated quantum computers poses a long-term threat to current ...
Bounded IND-CCA security (IND-qCCA) is a notion similar to the traditional IND-CCA security, except ...
Abstract. Assuming the existence of an indistinguishability obfuscator (iO), we show that a number o...