Encryption Schemes Using Random Oracles: From Classical to Post-Quantum Security

Abstract

The security proofs of post-quantum cryptographic schemes often consider only classical adversaries. Therefore, whether such schemes are really post-quantum secure remains unknown until the proofs take quantum adversaries into account. Switching to a quantum adversary might require to adapt the security notion. In particular, post-quantum security proofs for schemes which use random oracles have to be in the quantum random oracle model (\(\mathrm {QROM}\)), while classical security proofs are in the random oracle model (\(\mathrm {ROM}\)). We remedy this state of affairs by introducing a framework to obtain post-quantum security of public key encryption schemes which use random oracles. We define a class of encryption schemes, called oracle-simple, and identify game hops which are used to prove such schemes secure in the \(\mathrm {ROM}\). For these game hops, we state both simple and sufficient conditions to validate that a proof also holds in the \(\mathrm {QROM}\). The strength of our framework lies in its simplicity, its generality, and its applicability. We demonstrate this by applying it to the code-based encryption scheme \(\mathrm {ROLLO{\hbox {-}}II}\) (Round 2 NIST candidate) and the lattice-based encryption scheme \(\mathrm {LARA}\) (FC 2019). Thereby we prove that both schemes are post-quantum secure, which had not been shown before.