Paper 2025/458
CAKE requires programming - On the provable post-quantum security of (O)CAKE
Abstract
In this work we revisit the post-quantum security of KEM-based password-authenticated key exchange (PAKE), specifically that of (O)CAKE. So far, these schemes have evaded a security proof that considers quantum adversaries. We give a detailed analysis of why this is the case, determining the missing proof techniques. To this end, we first provide a proof of security in the post-quantum setting, up to a single gap. This proof already turns out to be technically involved, requiring advanced techniques to reason in the QROM, including the compressed oracle and the extractable QROM. To pave the way towards closing the gap, we then further identify an efficient simulator for the ideal cipher. This provides certain programming abilities as a necessary and sufficient condition to close the gap in the proof: we demonstrate that we can close the gap using the simulator, and give a meta-reduction based on KEM-anonymity that shows the impossibility of a non-programming reduction that covers a class of KEMs that includes Kyber / ML-KEM.
Metadata
- Available format(s): PDF
- Publication info: Preprint.
- Keywords: Post-quantum cryptography, PAKE, CAKE, OCAKE, quantum ideal-cipher model, QIC, QROM, meta reduction
- Contact author(s):
  - kathrin @ hoevelmanns net
  - andreas @ huelsing net
  - mishel kudinov @ gmail com
  - ritschsilvia @ gmail com
- History:
  - 2025-03-12: approved
  - 2025-03-11: received
  - See all versions
- Short URL: https://ia.cr/2025/458
- License: CC BY
BibTeX
@misc{cryptoeprint:2025/458,
  author = {Kathrin Hövelmanns and Andreas Hülsing and Mikhail Kudinov and Silvia Ritsch},
  title = {{CAKE} requires programming - On the provable post-quantum security of (O){CAKE}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2025/458},
  year = {2025},
  url = {https://eprint.iacr.org/2025/458}
}