{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T10:33:32Z","timestamp":1760524412044,"version":"3.40.3"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031172335"},{"type":"electronic","value":"9783031172342"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-17234-2_14","type":"book-chapter","created":{"date-parts":[[2022,9,25]],"date-time":"2022-09-25T21:02:18Z","timestamp":1664139738000},"page":"286-306","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["On Quantum Ciphertext Indistinguishability, Recoverability, and\u00a0OAEP"],"prefix":"10.1007","author":[{"given":"Juliane","family":"Kr\u00e4mer","sequence":"first","affiliation":[]},{"given":"Patrick","family":"Struck","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,9,21]]},"reference":[{"key":"14_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"788","DOI":"10.1007\/978-3-030-45727-3_27","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"G Alagic","year":"2020","unstructured":"Alagic, G., Majenz, C., Russell, A., Song, F.: Quantum-access-secure message authentication via blind-unforgeability. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part III. LNCS, vol. 12107, pp. 788\u2013817. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45727-3_27"},{"key":"14_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/978-3-319-56617-7_3","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2017","author":"G Alagic","year":"2017","unstructured":"Alagic, G., Russell, A.: Quantum-secure symmetric-key cryptography based on hidden shifts. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part III. LNCS, vol. 10212, pp. 65\u201393. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-56617-7_3"},{"key":"14_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1007\/978-3-319-29360-8_4","volume-title":"Post-Quantum Cryptography","author":"MV Anand","year":"2016","unstructured":"Anand, M.V., Targhi, E.E., Tabia, G.N., Unruh, D.: Post-quantum security of the CBC, CFB, OFB, CTR, and XTS modes of operation. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 44\u201363. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-29360-8_4"},{"key":"14_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-45724-2_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"M Bellare","year":"2020","unstructured":"Bellare, M., Davis, H., G\u00fcnther, F.: Separate your domains: NIST PQC KEMs, Oracle cloning and read-only indifferentiability. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 3\u201332. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_1"},{"issue":"1","key":"14_CR5","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1007\/s00145-013-9167-4","volume":"28","author":"M Bellare","year":"2015","unstructured":"Bellare, M., Hofheinz, D., Kiltz, E.: Subtleties in the definition of IND-CCA: when and how should challenge decryption be disallowed? J. Cryptol. 28(1), 29\u201348 (2015)","journal-title":"J. Cryptol."},{"key":"14_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1007\/BFb0053428","volume-title":"Advances in Cryptology \u2014 EUROCRYPT\u201994","author":"M Bellare","year":"1995","unstructured":"Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92\u2013111. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/BFb0053428"},{"key":"14_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"592","DOI":"10.1007\/978-3-642-38348-9_35","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"D Boneh","year":"2013","unstructured":"Boneh, D., Zhandry, M.: Quantum-secure message authentication codes. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 592\u2013608. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38348-9_35"},{"key":"14_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/978-3-642-40084-1_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"D Boneh","year":"2013","unstructured":"Boneh, D., Zhandry, M.: Secure signatures and chosen ciphertext security in a quantum computing world. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 361\u2013379. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40084-1_21"},{"key":"14_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"552","DOI":"10.1007\/978-3-030-34578-5_20","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2019","author":"X Bonnetain","year":"2019","unstructured":"Bonnetain, X., Hosoyamada, A., Naya-Plasencia, M., Sasaki, Yu., Schrottenloher, A.: Quantum attacks without superposition queries: the offline Simon\u2019s algorithm. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019, Part I. LNCS, vol. 11921, pp. 552\u2013583. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-34578-5_20"},{"key":"14_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"492","DOI":"10.1007\/978-3-030-38471-5_20","volume-title":"Selected Areas in Cryptography \u2013 SAC 2019","author":"X Bonnetain","year":"2020","unstructured":"Bonnetain, X., Naya-Plasencia, M., Schrottenloher, A.: On quantum slide attacks. In: Paterson, K.G., Stebila, D. (eds.) SAC 2019. LNCS, vol. 11959, pp. 492\u2013519. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-38471-5_20"},{"key":"14_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"240","DOI":"10.1007\/978-3-030-90459-3_9","volume-title":"Theory of Cryptography","author":"TV Carstens","year":"2021","unstructured":"Carstens, T.V., Ebrahimi, E., Tabia, G.N., Unruh, D.: Relationships between quantum IND-CPA notions. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13042, pp. 240\u2013272. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-90459-3_9"},{"key":"14_CR12","unstructured":"Chevalier, C., Ebrahimi, E., Vu, Q.-H.: On security notions for encryption in a quantum world. Cryptology ePrint Archive, Report 2020\/237 (2020). https:\/\/eprint.iacr.org\/2020\/237"},{"key":"14_CR13","unstructured":"D\u2019Anvers, J.-P., et al.: SABER. Technical report, National Institute of Standards and Technology (2020). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-3-submissions"},{"key":"14_CR14","unstructured":"Doosti, M., Delavar, M., Kashefi, E., Arapinis, M.: A unified framework for quantum unforgeability. CoRR, abs\/2103.13994 (2021)"},{"key":"14_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/978-3-030-97121-2_2","volume-title":"Public-Key Cryptography \u2013 PKC 2022","author":"E Ebrahimi","year":"2022","unstructured":"Ebrahimi, E.: Post-quantum security of plain OAEP transform. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) PKC 2022. LNCS, vol. 13177, pp. 34\u201351. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-030-97121-2_2"},{"issue":"1","key":"14_CR16","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1007\/s00145-011-9114-1","volume":"26","author":"E Fujisaki","year":"2013","unstructured":"Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. J. Cryptol. 26(1), 80\u2013101 (2013)","journal-title":"J. Cryptol."},{"issue":"2","key":"14_CR17","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1007\/s00145-002-0204-y","volume":"17","author":"E Fujisaki","year":"2004","unstructured":"Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: RSA-OAEP is secure under the RSA assumption. J. Cryptol. 17(2), 81\u2013104 (2004)","journal-title":"J. Cryptol."},{"key":"14_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1007\/978-3-662-53015-3_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"T Gagliardoni","year":"2016","unstructured":"Gagliardoni, T., H\u00fclsing, A., Schaffner, C.: Semantic security and indistinguishability in the quantum world. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part III. LNCS, vol. 9816, pp. 60\u201389. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53015-3_3"},{"key":"14_CR19","doi-asserted-by":"publisher","unstructured":"Gagliardoni, T., Kr\u00e4mer, J., Struck, P.: Quantum indistinguishability for public key encryption. In: Cheon, J.H., Tillich, J.-P. (eds.) PQCrypto 2021 2021. LNCS, vol. 12841, pp. 463\u2013482. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-81293-5_24. Most of the content we refer to in this work is only included in the full version of the paper. For the full version, we refer to Cryptology ePrint Archive, Report 2020\/266, https:\/\/eprint.iacr.org\/2020\/266","DOI":"10.1007\/978-3-030-81293-5_24"},{"key":"14_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"342","DOI":"10.1007\/978-3-319-63715-0_12","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"S Garg","year":"2017","unstructured":"Garg, S., Yuen, H., Zhandry, M.: New security notions and feasibility results for authentication of quantum data. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part II. LNCS, vol. 10402, pp. 342\u2013371. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63715-0_12"},{"key":"14_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"386","DOI":"10.1007\/978-3-319-98113-0_21","volume-title":"Security and Cryptography for Networks","author":"A Hosoyamada","year":"2018","unstructured":"Hosoyamada, A., Sasaki, Yu.: Quantum Demiric-Sel\u00e7uk meet-in-the-middle attacks: applications to 6-round generic feistel constructions. In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 386\u2013403. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-98113-0_21"},{"key":"14_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1007\/978-3-030-12612-4_20","volume-title":"Topics in Cryptology \u2013 CT-RSA 2019","author":"G Ito","year":"2019","unstructured":"Ito, G., Hosoyamada, A., Matsumoto, R., Sasaki, Yu., Iwata, T.: Quantum chosen-ciphertext attacks against feistel ciphers. In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 391\u2013411. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-12612-4_20"},{"key":"14_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-662-53008-5_8","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"M Kaplan","year":"2016","unstructured":"Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Breaking symmetric cryptosystems using quantum period finding. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 207\u2013237. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_8"},{"key":"14_CR24","doi-asserted-by":"crossref","unstructured":"Kashefi, E., Kent, A., Vedral, V., Banaszek, K.: Comparison of quantum oracles. Phys. Rev. A 65, 050304 (2002)","DOI":"10.1103\/PhysRevA.65.050304"},{"key":"14_CR25","doi-asserted-by":"crossref","unstructured":"Kuwakado, H., Morii, M.: Quantum distinguisher between the 3-round feistel cipher and the random permutation. In: IEEE International Symposium on Information Theory, ISIT 2010, 13\u201318 June 2010, Austin, Texas, USA, Proceedings, pp. 2682\u20132685 (2010)","DOI":"10.1109\/ISIT.2010.5513654"},{"key":"14_CR26","unstructured":"Kuwakado, H., Morii, M.: Security on the quantum-type even-mansour cipher. In: Proceedings of the International Symposium on Information Theory and its Applications, ISITA 2012, Honolulu, HI, USA, 28\u201331 October 2012, pp. 312\u2013316 (2012)"},{"key":"14_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/978-3-319-70697-9_6","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"G Leander","year":"2017","unstructured":"Leander, G., May, A.: Grover meets Simon \u2013 quantumly attacking the FX-construction. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part II. LNCS, vol. 10625, pp. 161\u2013178. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70697-9_6"},{"key":"14_CR28","unstructured":"Mossayebi, S., Schack, R.: Concrete security against adversaries with quantum superposition access to encryption and decryption oracles. CoRR, abs\/1609.03780 (2016)"},{"key":"14_CR29","doi-asserted-by":"crossref","unstructured":"Nemoz, T., Amblard, Z., Dupin, A.: Characterizing the qIND-qCPA (in)security of the CBC, CFB, OFB and CTR modes of operation. IACR Cryptol. ePrint Arch. 236 (2022)","DOI":"10.1007\/978-3-031-40003-2_17"},{"key":"14_CR30","unstructured":"Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information, 10th Anniversary edn. Cambridge University Press (2016)"},{"issue":"1","key":"14_CR31","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1016\/j.ipl.2014.08.009","volume":"115","author":"M R\u00f6tteler","year":"2015","unstructured":"R\u00f6tteler, M., Steinwandt, R.: A note on quantum related-key attacks. Inf. Process. Lett. 115(1), 40\u201344 (2015)","journal-title":"Inf. Process. Lett."},{"key":"14_CR32","unstructured":"Schwabe, P., et al.: CRYSTALS-KYBER. Technical report, National Institute of Standards and Technology (2020). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-3-submissions"},{"key":"14_CR33","unstructured":"Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th FOCS, pp. 124\u2013134. IEEE Computer Society Press, November 1994"},{"key":"14_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/3-540-44647-8_15","volume-title":"Advances in Cryptology \u2014 CRYPTO 2001","author":"V Shoup","year":"2001","unstructured":"Shoup, V.: OAEP reconsidered. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 239\u2013259. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44647-8_15"},{"key":"14_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"192","DOI":"10.1007\/978-3-662-53644-5_8","volume-title":"Theory of Cryptography","author":"EE Targhi","year":"2016","unstructured":"Targhi, E.E., Unruh, D.: Post-quantum security of the Fujisaki-Okamoto and OAEP transforms. In: Hirt, M., Smith, A. (eds.) TCC 2016, Part II. LNCS, vol. 9986, pp. 192\u2013216. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53644-5_8"}],"container-title":["Lecture Notes in Computer Science","Post-Quantum Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-17234-2_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,27]],"date-time":"2023-11-27T17:56:58Z","timestamp":1701107818000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-17234-2_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031172335","9783031172342"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-17234-2_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"21 September 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PQCrypto","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Post-Quantum Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 September 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 September 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"pqcrypto2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2022.pqcrypto.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"66","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.1","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}