A modular analysis of the Fujisaki-Okamoto transformation

SoK: how (not) to design and implement post-quantum cryptography ⋮ Memory-Tight Reductions for Practical Key Encapsulation Mechanisms ⋮ Decryption Failure Is More Likely After Success ⋮ Generalization of Isomorphism of Polynomials with Two Secrets and Its Application to Public Key Encryption ⋮ A Note on the Instantiability of the Quantum Random Oracle ⋮ Encryption Schemes Using Random Oracles: From Classical to Post-Quantum Security ⋮ Towards post-quantum security for signal's X3DH handshake ⋮ On Adaptive Attacks Against Jao-Urbanik’s Isogeny-Based Protocol ⋮ Quantum lattice enumeration and tweaking discrete pruning ⋮ On the hardness of the computational ring-LWR problem and its applications ⋮ KHAPE: Asymmetric PAKE from key-hiding key exchange ⋮ Resistance of isogeny-based cryptographic implementations to a fault attack ⋮ Tightness subtleties for multi-user PKE notions ⋮ FO-like combiners and hybrid post-quantum cryptography ⋮ A new adaptive attack on SIDH ⋮ An efficient post-quantum KEM from CSIDH ⋮ A practicable timing attack against HQC and its countermeasure ⋮ The rank-based cryptography library ⋮ Performance bounds for QC-MDPC codes decoders ⋮ Tightly secure ring-LWE based key encapsulation with short ciphertexts ⋮ Anonymous, robust post-quantum public key encryption ⋮ Post-quantum security of the Even-Mansour cipher ⋮ Anonymity of NIST PQC round 3 KEMs ⋮ On IND-qCCA security in the ROM and its applications. CPA security is sufficient for TLS 1.3 ⋮ Online-extractability in the quantum random-oracle model ⋮ ECC\(^2\): error correcting code and elliptic curve based cryptosystem ⋮ Multitarget Decryption Failure Attacks and Their Application to Saber and Kyber ⋮ Tighter proofs of CCA security in the quantum random oracle model ⋮ Gladius: LWR Based Efficient Hybrid Public Key Encryption with Distributed Decryption ⋮ SHealS and HealS: Isogeny-Based PKEs from a Key Validation Method for SIDH ⋮ On optimizing electricity markets performance ⋮ Unique-path identity based encryption with applications to strongly secure messaging ⋮ Let attackers program ideal models: modularity and composability for adaptive compromise ⋮ Systematic study of decryption and re-encryption leakage: the case of Kyber ⋮ Multi-instance secure public-key encryption ⋮ Designing efficient dyadic operations for cryptographic applications ⋮ Post-quantum anonymity of Kyber ⋮ QCCA-secure generic transformations in the quantum random oracle model ⋮ A thorough treatment of highly-efficient NTRU instantiations ⋮ \texttt{POLKA}: towards leakage-resistant post-quantum CCA-secure public key encryption ⋮ Implicit rejection in Fujisaki-Okamoto: framework and a novel realization ⋮ KDM security for the Fujisaki-Okamoto transformations in the QROM ⋮ Group action key encapsulation and non-interactive key exchange in the QROM ⋮ SIDH proof of knowledge ⋮ Towards automating cryptographic hardware implementations: a case study of HQC ⋮ IND-CCA security of Kyber in the quantum random oracle model, revisited ⋮ Higher-order masked Saber ⋮ Compact and tightly selective-opening secure public-key encryption schemes ⋮ Memory-tight multi-challenge security of public-key encryption ⋮ Roadmap of post-quantum cryptography standardization: side-channel attacks and countermeasures ⋮ Exploring decryption failures of BIKE: new class of weak keys and key recovery attacks ⋮ Formal verification of Saber's public-key encryption scheme in easycrypt ⋮ On the non-tightness of measurement-based reductions for key encapsulation mechanism in the quantum random oracle model ⋮ Tight adaptive reprogramming in the QROM ⋮ Fault-injection attacks against NIST's post-quantum cryptography round 3 KEM candidates ⋮ Fault-enabled chosen-ciphertext attacks on Kyber ⋮ A new key recovery side-channel attack on HQC with chosen ciphertext ⋮ Post-quantum signal key agreement from SIDH ⋮ On security notions for encryption in a quantum world ⋮ A one-time single-bit fault leaks all previous NTRU-HRSS session keys to a chosen-ciphertext attack ⋮ Enhanced post-quantum key escrow system for supervised data conflict of interest based on consortium blockchain ⋮ Instantiability of classical random-oracle-model encryption transforms ⋮ Failing gracefully: decryption failures and the Fujisaki-Okamoto transform ⋮ Concrete security from worst-case to average-case lattice reductions ⋮ Tighter QCCA-secure key encapsulation mechanism with explicit rejection in the quantum random oracle model ⋮ Error correction and ciphertext quantization in lattice cryptography ⋮ CCA-secure (puncturable) KEMs from encryption with non-negligible decryption errors ⋮ Scalable ciphertext compression techniques for post-quantum KEMs and their applications ⋮ Post-quantum verification of Fujisaki-Okamoto ⋮ A new decryption failure attack against HQC ⋮ Tightly CCA-secure encryption scheme in a multi-user setting with corruptions ⋮ Towards practical key exchange from ordinary isogeny graphs ⋮ CSIDH: an efficient post-quantum commutative group action ⋮ BI-NTRU Encryption Schemes: Two New Secure Variants of NTRU ⋮ Tighter Security Proofs for Post-quantum Key Encapsulation Mechanism in the Multi-challenge Setting ⋮ Classical misuse attacks on NIST round 2 PQC. The power of rank-based schemes ⋮ Saber on ESP32 ⋮ On the supersingular GPST attack ⋮ Reproducible families of codes and cryptographic applications ⋮ Supersingular Isogeny-based Cryptography: A Survey ⋮ DAGS: key encapsulation using dyadic GS codes ⋮ Bloom filter encryption and applications to efficient forward-secret 0-RTT key exchange ⋮ LIGA: a cryptosystem based on the hardness of rank-metric list and interleaved decoding ⋮ (One) failure is not an option: bootstrapping the search for failures in lattice-based encryption schemes ⋮ Measure-rewind-measure: tighter quantum random oracle model proofs for one-way to hiding and CCA security ⋮ Tweaking the asymmetry of asymmetric-key cryptography on lattices: KEMs and signatures of smaller sizes ⋮ Generic authenticated key exchange in the quantum random oracle model ⋮ One-way functions and malleability oracles: hidden shift attacks on isogeny-based protocols ⋮ QCCA-secure generic key encapsulation mechanism with tighter security in the quantum random oracle model ⋮ On the integer polynomial learning with errors problem ⋮ Practical \(\mathsf{MP} \text{- }\mathsf{LWE}\)-based encryption balancing security-risk versus efficiency ⋮ A key-recovery timing attack on post-quantum primitives using the Fujisaki-Okamoto transformation and its application on FrodoKEM ⋮ A gapless code-based hash proof system based on RQC and its applications ⋮ Secure hybrid encryption in the standard model from hard learning problems ⋮ Separate your domains: NIST PQC KEMs, oracle cloning and read-only indifferentiability