Key-encapsulation mechanisms secure against chosen-ciphertext attacks (IND-CCA-secure KEMs) in the quantum random oracle model have been proposed by Boneh, Dagdelen, Fischlin, Lehmann, Schaffner, and Zhandry (CRYPTO 2012); Targhi and Unruh (TCC 2016-B); and Hofheinz, Hövelmanns, and Kiltz (TCC 2017). However, all are non-tight and, in particular, security levels of the schemes obtained by these constructions are less than half of the original security levels of their building blocks. In this paper, we give a conversion that tightly converts a weakly secure public-key encryption scheme into an IND-CCA-secure KEM in the quantum random oracle model. More precisely, we define a new security notion for deterministic public-key encryption (DPKE) called disjoint simulatability, and we propose a way to convert a disjoint simulatable DPKE scheme into an IND-CCA-secure key-encapsulation mechanism scheme without incurring a significant security degradation. In addition, we give DPKE schemes whose disjoint simulatability is tightly reduced to post-quantum assumptions. As a result, we obtain IND-CCA-secure KEMs tightly reduced to various post-quantum assumptions in the quantum random oracle model.