Paper 2025/387
Generic Composition: From Classical to Quantum Security
, Bauhaus University, Weimar, Bauhaus University, Weimar, Bauhaus University, WeimarAbstract
Authenticated encryption (AE) provides both authenticity and privacy. Starting with Bellare's and Namprempre's work in 2000, the Encrypt-then-MAC composition of an encryption scheme for privacy and a MAC for authenticity has become a well-studied and common approach. This work investigates the security of the Encrypt-then-MAC composition in a quantum setting which means that adversarial queries as well as the responses to those queries may be in superposition. We demonstrate that the Encrypt-then-MAC composition of a chosen-plaintext (IND-qCPA) secure symmetric encryption scheme SE and a plus-one unforgeable MAC fails to achieve chosen-ciphertext (IND-qCCA) security. On the other hand, we show that it suffices to choose a quantum pseudorandom function (qPRF) as the MAC. Namely, the Encrypt-then-MAC composition of SE and a qPRF is IND-qCCA secure. The same holds for the Encrypt-and-MAC composition of SE and a qPRF
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- Preprint.
- Keywords
- Post-QuantumAuthenticated EncryptionGeneric Composition
- Contact author(s)
-
nathalie lang @ uni-weimar de
jannis leuther @ uni-weimar de
stefan lucks @ uni-weimar de - History
- 2025-03-04: approved
- 2025-02-28: received
- See all versions
- Short URL
- https://ia.cr/2025/387
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2025/387,
author = {Nathalie Lang and Jannis Leuther and Stefan Lucks},
title = {Generic Composition: From Classical to Quantum Security},
howpublished = {Cryptology {ePrint} Archive, Paper 2025/387},
year = {2025},
url = {https://eprint.iacr.org/2025/387}
}
