{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T11:44:05Z","timestamp":1781091845207,"version":"3.54.1"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032018809","type":"print"},{"value":"9783032018816","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-01881-6_17","type":"book-chapter","created":{"date-parts":[[2025,8,16]],"date-time":"2025-08-16T08:59:45Z","timestamp":1755334785000},"page":"543-574","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Verifiable Decapsulation: Recognizing Faulty Implementations of\u00a0Post-quantum KEMs"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-7165-6150","authenticated-orcid":false,"given":"Lewis","family":"Glabush","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8495-6610","authenticated-orcid":false,"given":"Felix","family":"G\u00fcnther","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5478-0140","authenticated-orcid":false,"given":"Kathrin","family":"H\u00f6velmanns","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9443-3170","authenticated-orcid":false,"given":"Douglas","family":"Stebila","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2025,8,17]]},"reference":[{"key":"17_CR1","unstructured":"Aguilar-Melchor, C., et al.: Hamming Quasi-Cyclic (HQC), fourth round version, updated version 19\/02\/2025 (2025). https:\/\/pqc-hqc.org\/doc\/hqc-specification_2025-02-19.pdf"},{"key":"17_CR2","unstructured":"Aguilar-Melchor, C., et al.: HQC. Tech. rep., National Institute of Standards and Technology (2022). https:\/\/csrc.nist.gov\/Projects\/post-quantum-cryptography\/round-4-submissions"},{"key":"17_CR3","unstructured":"Aragon, N., Gaborit, P., Z\u00e9mor, G.: HQC-RMRS, an instantiation of the HQC encryption framework with a more efficient auxiliary error-correcting code (2020). https:\/\/arxiv.org\/abs\/2005.10741"},{"key":"17_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-45724-2_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"M Bellare","year":"2020","unstructured":"Bellare, M., Davis, H., G\u00fcnther, F.: Separate your domains: NIST PQC KEMs, oracle cloning and read-only indifferentiability. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 3\u201332. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_1"},{"key":"17_CR5","unstructured":"Bernstein, D.J., Persichetti, E.: Towards KEM unification. Cryptology ePrint Archive, Report 2018\/526 (2018). https:\/\/eprint.iacr.org\/2018\/526"},{"key":"17_CR6","doi-asserted-by":"publisher","unstructured":"Bindel, N., Hamburg, M., H\u00f6velmanns, K., H\u00fclsing, A., Persichetti, E.: Tighter proofs of CCA security in the quantum random oracle model. In: Hofheinz, D., Rosen, A. (eds.) TCC\u00a02019, Part\u00a0II. LNCS, vol. 11892, pp. 61\u201390. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-36033-7_3","DOI":"10.1007\/978-3-030-36033-7_3"},{"key":"17_CR7","unstructured":"Bos, J., et al.: CRYSTALS \u2013 Kyber: a CCA-secure module-lattice-based KEM. Cryptology ePrint Archive, Report 2017\/634 (2017). https:\/\/eprint.iacr.org\/2017\/634"},{"key":"17_CR8","doi-asserted-by":"publisher","unstructured":"Don, J., Fehr, S., Majenz, C., Schaffner, C.: Online-extractability in the quantum random-oracle model. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT\u00a02022, Part\u00a0III. LNCS, vol. 13277, pp. 677\u2013706. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-07082-2_24","DOI":"10.1007\/978-3-031-07082-2_24"},{"key":"17_CR9","doi-asserted-by":"publisher","unstructured":"Fischlin, M., G\u00fcnther, F.: Verifiable verification in cryptographic protocols. In: Meng, W., Jensen, C.D., Cremers, C., Kirda, E. (eds.) ACM CCS 2023, pp. 3239\u20133253. ACM Press (2023). https:\/\/doi.org\/10.1145\/3576915.3623151","DOI":"10.1145\/3576915.3623151"},{"key":"17_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"537","DOI":"10.1007\/3-540-48405-1_34","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 99","author":"E Fujisaki","year":"1999","unstructured":"Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537\u2013554. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48405-1_34"},{"issue":"1","key":"17_CR11","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1007\/s00145-011-9114-1","volume":"26","author":"E Fujisaki","year":"2011","unstructured":"Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. J. Cryptol. 26(1), 80\u2013101 (2011). https:\/\/doi.org\/10.1007\/s00145-011-9114-1","journal-title":"J. Cryptol."},{"key":"17_CR12","doi-asserted-by":"crossref","unstructured":"Glabush, L., G\u00fcnther, F., H\u00f6velmanns, K., Stebila, D.: Verifiable decapsulation: recognizing faulty implementations of post-quantum KEMs (full version). Cryptology ePrint Archive, Paper 2025\/450 (2025). https:\/\/eprint.iacr.org\/2025\/450","DOI":"10.1007\/978-3-032-01881-6_17"},{"key":"17_CR13","unstructured":"Heninger, N.: Biased nonce sense: lattice attacks against weak ECDSA signatures in the wild. In: Talk at the Workshop on Attacks in Cryptography 2 (WAC2), Crypto 2019 (2019). https:\/\/crypto.iacr.org\/2019\/affevents\/wac\/medias\/Heninger-BiasedNonceSense.pdf"},{"key":"17_CR14","unstructured":"Heninger, N.: Implementation footguns for post-quantum cryptography. In: Talk at the Real World Post Quantum Workshop (RWPQC 2024) (2024). https:\/\/na-admin.eventscloud.com\/docs\/9769\/414552"},{"key":"17_CR15","doi-asserted-by":"publisher","unstructured":"Hofheinz, D., H\u00f6velmanns, K., Kiltz, E.: A modular analysis of the Fujisaki-Okamoto transformation. In: Kalai, Y., Reyzin, L. (eds.) TCC\u00a02017, Part\u00a0I. LNCS, vol. 10677, pp. 341\u2013371. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70500-2_12","DOI":"10.1007\/978-3-319-70500-2_12"},{"key":"17_CR16","doi-asserted-by":"publisher","unstructured":"H\u00f6velmanns, K.: Generic constructions of quantum-resistant cryptosystems. doctoralthesis, Ruhr-Universit\u00e4t Bochum, Universit\u00e4tsbibliothek (2021). https:\/\/doi.org\/10.13154\/294-7758","DOI":"10.13154\/294-7758"},{"key":"17_CR17","doi-asserted-by":"publisher","unstructured":"H\u00f6velmanns, K., H\u00fclsing, A., Majenz, C.: Failing gracefully: decryption failures and the Fujisaki-Okamoto transform. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT\u00a02022, Part\u00a0IV. LNCS, vol. 13794, pp. 414\u2013443. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22972-5_15","DOI":"10.1007\/978-3-031-22972-5_15"},{"key":"17_CR18","doi-asserted-by":"publisher","unstructured":"H\u00f6velmanns, K., Kiltz, E., Sch\u00e4ge, S., Unruh, D.: Generic authenticated key exchange in the quantum random oracle model. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC\u00a02020, Part\u00a0II. LNCS, vol. 12111, pp. 389\u2013422. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45388-6_14","DOI":"10.1007\/978-3-030-45388-6_14"},{"key":"17_CR19","doi-asserted-by":"publisher","unstructured":"H\u00f6velmanns, K., Majenz, C.: A note on failing gracefully: completing the picture for explicitly rejecting fujisaki-okamoto transforms using worst-case correctness. In: Saarinen, M.J., Smith-Tone, D. (eds.) Post-Quantum Cryptography - 15th International Workshop, PQCrypto 2024, Part\u00a0II. pp. 245\u2013265. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-62746-0_11","DOI":"10.1007\/978-3-031-62746-0_11"},{"key":"17_CR20","doi-asserted-by":"publisher","unstructured":"Jiang, H., Zhang, Z., Chen, L., Wang, H., Ma, Z.: IND-CCA-secure key encapsulation mechanism in the quantum random oracle model, revisited. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO\u00a02018, Part\u00a0III. LNCS, vol. 10993, pp. 96\u2013125. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96878-0_4","DOI":"10.1007\/978-3-319-96878-0_4"},{"key":"17_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"618","DOI":"10.1007\/978-3-030-17259-6_21","volume-title":"Public-Key Cryptography \u2013 PKC 2019","author":"H Jiang","year":"2019","unstructured":"Jiang, H., Zhang, Z., Ma, Z.: Key encapsulation mechanism with explicit rejection in the quantum random oracle model. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11443, pp. 618\u2013645. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17259-6_21"},{"key":"17_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"703","DOI":"10.1007\/978-3-030-45727-3_24","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"V Kuchta","year":"2020","unstructured":"Kuchta, V., Sakzad, A., Stehl\u00e9, D., Steinfeld, R., Sun, S.-F.: Measure-rewind-measure: tighter quantum random oracle model proofs for one-way to hiding and CCA security. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 703\u2013728. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45727-3_24"},{"key":"17_CR23","unstructured":"Naehrig, M., et al.: FrodoKEM. Tech. rep., National Institute of Standards and Technology (2020). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/post-quantum-cryptography-standardization\/round-3-submissions"},{"key":"17_CR24","doi-asserted-by":"publisher","unstructured":"National institute of standards and technology: module-lattice-based key-encapsulation mechanism standard. Tech. Rep. Federal Information Processing Standards Publications (FIPS PUBS) 203, U.S. Department of Commerce, Washington, D.C. (2024). https:\/\/doi.org\/10.6028\/NIST.FIPS.203","DOI":"10.6028\/NIST.FIPS.203"},{"key":"17_CR25","unstructured":"Open quantum safe project: liboqs. https:\/\/openquantumsafe.org\/liboqs\/"},{"key":"17_CR26","unstructured":"Open quantum safe project: correctness error in HQC decapsulation. Reported by C\u00e9lian Gl\u00e9naz and Dahmun Goudarzi. CVE-2024-54137 (2024). https:\/\/github.com\/open-quantum-safe\/liboqs\/security\/advisories\/GHSA-gpf4-vrrw-r8v7"},{"key":"17_CR27","unstructured":"Poulsen, K.: Behind iPhone\u2019s critical security bug, a single bad \u2018goto\u2019. https:\/\/www.wired.com\/2014\/02\/gotofail\/ (2014)"},{"key":"17_CR28","unstructured":"PQ Code Package project: MLKEM-native. https:\/\/github.com\/pq-code-package\/mlkem-native\/"},{"key":"17_CR29","doi-asserted-by":"publisher","unstructured":"Saito, T., Xagawa, K., Yamakawa, T.: Tightly-secure key-encapsulation mechanism in the quantum random oracle model. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT\u00a02018, Part\u00a0III. LNCS, vol. 10822, pp. 520\u2013551. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78372-7_17","DOI":"10.1007\/978-3-319-78372-7_17"},{"key":"17_CR30","doi-asserted-by":"publisher","unstructured":"Stebila, D., Mosca, M.: Post-quantum key exchange for the internet and the open quantum safe project. In: Avanzi, R., Heys, H.M. (eds.) SAC 2016. LNCS, vol. 10532, pp. 14\u201337. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-69453-5_2","DOI":"10.1007\/978-3-319-69453-5_2"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-01881-6_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,20]],"date-time":"2025-10-20T00:49:56Z","timestamp":1760921396000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-01881-6_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032018809","9783032018816"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-01881-6_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"17 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"45","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}