{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,12,11]],"date-time":"2024-12-11T05:48:28Z","timestamp":1733896108722,"version":"3.30.1"},"reference-count":16,"publisher":"International Association for Cryptologic Research",
"license":[{"start":{"date-parts":[[2024,1,9]],"date-time":"2024-01-09T00:00:00Z","timestamp":1704758400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],
"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2024,3,5]]},
"abstract":"X-Wing is a hybrid key-encapsulation mechanism based on X25519 and ML-KEM-768. It is designed to be the sensible choice for most applications. The concrete choice of X25519 and ML-KEM-768 allows X-Wing to achieve improved efficiency compared to using a generic KEM combiner. In this paper, we introduce the X-Wing hybrid KEM construction and provide a proof of security. We show (1) that X-Wing is a classically IND-CCA secure KEM if the strong Diffie-Hellman assumption holds in the X25519 nominal group, and (2) that X-Wing is a post-quantum IND-CCA secure KEM if ML-KEM-768 is itself an IND-CCA secure KEM and SHA3-256 is secure when used as a pseudorandom function. The first result is proved in the ROM, whereas the second one holds in the standard model. Loosely speaking, this means X-Wing is secure if either X25519 or ML-KEM-768 is secure. We stress that these security guarantees and optimizations are only possible due to the concrete choices that were made, and they may not apply in the general case.",
"DOI":"10.62056\/a3qj89n4e","type":"journal-article","created":{"date-parts":[[2024,4,9]],"date-time":"2024-04-09T19:27:10Z","timestamp":1712690830000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":1,"title":["X-Wing"],"prefix":"10.62056",
"author":[
{"ORCID":"https:\/\/orcid.org\/0000-0002-6848-5564","authenticated-orcid":false,"given":"Manuel","family":"Barbosa","sequence":"first","affiliation":[{"id":[{"id":"https:\/\/ror.org\/043pwc612","id-type":"ROR","asserted-by":"publisher"}],"name":"University of Porto","place":["Portugal"]},{"id":[{"id":"https:\/\/ror.org\/05fa8ka61","id-type":"ROR","asserted-by":"publisher"}],"name":"INESC TEC","place":["Portugal"]},{"id":[{"id":"https:\/\/ror.org\/00bj0r217","id-type":"ROR","asserted-by":"publisher"}],"name":"Max Planck Institute for Security and Privacy","place":["Germany"]}]},
{"ORCID":"https:\/\/orcid.org\/0009-0004-5745-1432","authenticated-orcid":false,"given":"Deirdre","family":"Connolly","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/028zdr819","id-type":"ROR","asserted-by":"publisher"}],"name":"SandboxAQ","place":["USA"]}]},
{"ORCID":"https:\/\/orcid.org\/0000-0001-5236-260X","authenticated-orcid":false,"given":"Jo\u00e3o","family":"Duarte","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/043pwc612","id-type":"ROR","asserted-by":"publisher"}],"name":"University of Porto","place":["Portugal"]},{"id":[{"id":"https:\/\/ror.org\/05fa8ka61","id-type":"ROR","asserted-by":"publisher"}],"name":"INESC TEC","place":["Portugal"]}]},
{"ORCID":"https:\/\/orcid.org\/0009-0004-6141-4861","authenticated-orcid":false,"given":"Aaron","family":"Kaiser","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/00bj0r217","id-type":"ROR","asserted-by":"publisher"}],"name":"Max Planck Institute for Security and Privacy","place":["Germany"]}]},
{"ORCID":"https:\/\/orcid.org\/0000-0002-1310-0997","authenticated-orcid":false,"given":"Peter","family":"Schwabe","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/00bj0r217","id-type":"ROR","asserted-by":"publisher"}],"name":"Max Planck Institute for Security and Privacy","place":["Germany"]},{"id":[{"id":"https:\/\/ror.org\/016xsfp80","id-type":"ROR","asserted-by":"publisher"}],"name":"Radboud University","place":["The Netherlands"]}]},
{"ORCID":"https:\/\/orcid.org\/0000-0002-2420-2227","authenticated-orcid":false,"given":"Karolin","family":"Varner","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/00bj0r217","id-type":"ROR","asserted-by":"publisher"}],"name":"Max Planck Institute for Security and Privacy","place":["Germany"]},{"name":"Rosenpass e.V.","place":["Germany"]}]},
{"ORCID":"https:\/\/orcid.org\/0000-0002-3195-6238","authenticated-orcid":false,"given":"Bas","family":"Westerbaan","sequence":"additional","affiliation":[{"name":"Cloudflare","place":["The Netherlands"]}]}
],
"member":"48349","published-online":{"date-parts":[[2024,4,9]]},
"reference":[
{"article-title":"Protecting Chrome Traffic with Hybrid Kyber KEM","year":"2023","author":"Devon O'Brien","key":"ref1:kyberchrome"},
{"article-title":"Defending against future threats: Cloudflare goes\n post-quantum","year":"2022","author":"Bas Westerbaan","key":"ref2:kybercloudflare"},
{"key":"ref3:PKC:GiaHeuPoe18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1007\/978-3-319-76578-5_7","article-title":"KEM Combiners","volume-title":"PKC\u00a02018: 21st International Conference on Theory and\n Practice of Public Key Cryptography, Part\u00a0I","volume":"10769","author":"Federico Giacon","year":"2018"},
{"article-title":"X25519Kyber768Draft00 hybrid post-quantum key agreement","year":"2023","author":"Bas Westerbaan","key":"ref4:xybertls"},
{"article-title":"X25519Kyber768Draft00 hybrid post-quantum KEM for HPKE","year":"2023","author":"Bas Westerbaan","key":"ref5:xyberhpke"},
{"key":"ref6:FIPS203","series-title":"FIPS Draft Standard","article-title":"Module-Lattice-Based Key-Encapsulation Mechanism\n Standard","author":"NIST","year":"2023"},
{"key":"ref7:PKC:Bernstein06","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/11745853_14","article-title":"Curve25519: New Diffie-Hellman Speed Records","volume-title":"PKC\u00a02006: 9th International Conference on Theory and\n Practice of Public Key Cryptography","volume":"3958","author":"Daniel J. Bernstein","year":"2006"},
{"key":"ref8:RFC7748","series-title":"Request for Comments","doi-asserted-by":"publisher","DOI":"10.17487\/RFC7748","article-title":"Elliptic Curves for Security","author":"Adam Langley","year":"2016"},
{"article-title":"Combiner function for hybrid key encapsulation mechanisms\n (Hybrid KEMs)","year":"2023","author":"Mike Ounsworth","key":"ref9:Ounsworth2023"},
{"key":"ref10:RFC9180","series-title":"Request for Comments","doi-asserted-by":"publisher","DOI":"10.17487\/RFC9180","article-title":"Hybrid Public Key Encryption","author":"Richard Barnes","year":"2022"},
{"key":"ref11:EC:ABHKLR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/978-3-030-77870-5_4","article-title":"Analysing the HPKE Standard","volume-title":"Advances in Cryptology \u2013 EUROCRYPT\u00a02021, Part\u00a0I","volume":"12696","author":"Jo\u00ebl Alwen","year":"2021"},
{"key":"ref12:RSA:AbdBelRog01","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/3-540-45353-9_12","article-title":"The Oracle Diffie-Hellman Assumptions and an Analysis of\n DHIES","volume-title":"Topics in Cryptology \u2013 CT-RSA\u00a02001","volume":"2020","author":"Michel Abdalla","year":"2001"},
{"article-title":"Keeping Up with the KEMs: Stronger Security Notions for\n KEMs","year":"2023","author":"Cas Cremers","key":"ref13:cryptoeprint:2023\/1933"},
{"key":"ref14:Alwen2023","series-title":"CCS '23","isbn-type":"print","doi-asserted-by":"publisher","first-page":"1108","DOI":"10.1145\/3576915.3623185","article-title":"Post-Quantum Multi-Recipient Public Key Encryption","volume-title":"Proceedings of the 2023 ACM SIGSAC Conference on Computer\n and Communications Security","author":"Jo\u00ebl Alwen","year":"2023","ISBN":"https:\/\/id.crossref.org\/isbn\/9798400700507"},
{"key":"ref15:FIPS202","doi-asserted-by":"publisher","DOI":"10.6028\/nist.fips.202","article-title":"SHA-3 Standard: Permutation-Based Hash and\n Extendable-Output Functions","author":"Morris J. Dworkin","year":"2015"},
{"article-title":"X-Wing: general-purpose hybrid post-quantum KEM","year":"2024","author":"Deirdre Connolly","key":"ref16:rfcdraft"}
],
"container-title":["IACR Communications in Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2024,12,10]],"date-time":"2024-12-10T21:25:13Z","timestamp":1733865913000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/1\/1\/21"}},
"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,9]]},"references-count":16,"URL":"https:\/\/doi.org\/10.62056\/a3qj89n4e","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"type":"electronic","value":"3006-5496"}],"subject":[],"published":{"date-parts":[[2024,4,9]]},
"assertion":[{"value":"2024-01-09","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-03-05","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}]}}