Paper 2023/755

The security of Kyber's FO-transform

Manuel Barbosa, University of Porto (FCUP) and INESC TEC, Portugal
Andreas Hülsing, Eindhoven University of Technology
Abstract

In this short note we give another direct proof for the variant of the FO transform used by Kyber in the QROM. At PKC'23 Maram & Xagawa gave the first direct proof which does not require the indirection via FO with explicit rejection, thereby avoiding either a non-tight bound, or the necessity to analyze the failure probability in a new setting. However, on the downside their proof produces a bound that incurs an additive collision bound term. We explore a different approach for a direct proof, which results in a simpler argument closer to prior proofs, but a slightly worse bound.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
Post-quantum cryptographyKyberCrystalsKey-Encapsulation MechanismKEMFujisaki-Okamoto TransformFOQROM
Contact author(s)
mbb @ fc up pt
andreas @ huelsing net
History
2023-05-25: approved
2023-05-25: received
See all versions
Short URL
https://ia.cr/2023/755
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2023/755,
      author = {Manuel Barbosa and Andreas Hülsing},
      title = {The security of Kyber's FO-transform},
      howpublished = {Cryptology ePrint Archive, Paper 2023/755},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/755}},
      url = {https://eprint.iacr.org/2023/755}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.