Implicit Rejection in Fujisaki-Okamoto: Framework and a Novel Realization.

The generic IND-CCA secure key encapsulation mechanism (KEM) constructions in the quantum random oracle model (QROM) attract much attention due to the NIST post-quantum competition. Most of the NIST KEM submissions follow the generic Fujisaki-Okamoto transformation with implicit rejection (FO-IR). We propose a framework for the construction of quantum random oracles that supports implicit rejection, and prove that the KEMs satisfying our framework are IND-CCA secure in the QROM. Specifically, we use the idea of hash combination to eliminate the requirement for checking the validity of ciphertexts, which is the key point to achieve IND-CCA security. We show that the existing FO-IR widely used in the NIST KEM submissions can be explained by our framework. Additionally, we also propose a novel realization which exploits the verifiability of the private key.