Paper 2026/157

In Mid-Stream: Removing the FO-Transform Helps against Leakage but is not Enough

Duyên Pay, UCLouvain
Thomas Peters, UCLouvain
François-Xavier Standaert, UCLouvain
Abstract

The Fujisaki-Okamoto transform is a popular solution to design post-quantum public key encryption schemes, or key encapsulation mechanisms. In order to ensure security against chosen-ciphertext attacks, it checks the validity of ciphertexts by re-encrypting decrypted messages. This operation in turn leads to severe side-channel weaknesses, because the re-encrypted messages can be made key-dependent. Hence, distinguishing them through leakage is sufficient to extract (long-term) secret key information. As a result, recent works suggested ensuring the validity of ciphertexts by other means than re-encryption. For now, the main candidate for this purpose, integrated in the Polka encryption scheme (PKC 2023) and analyzed more generically by Hövelmanns et al. (EUROCRYPT 2025), is to use continuous norm checks throughout the decryption process. In this paper, we evaluate the extent to which replacing the FO-transform by such norm checks helps resistance against leakage. Negatively, we exhibit new attack vectors that were not anticipated in previous (heuristic) analyses. Positively, we observe that the removal of the FO-transform nevertheless reduces the attack surface, and we identify possible tracks to further minimize it. Overall, our results therefore shed light on the challenge of designing post-quantum public-key encryption schemes, or key encapsulation mechanisms, that can be efficiently protected against side-channel attacks. We hope they can inform theory about leakage sources that could be better addressed by design, in order to develop new schemes allowing a scarcer use of implementation-level countermeasures.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Side-Channel Attacks, Post-Quantum Cryptography, FO-Transform
Contact author(s)
thi pay @ uclouvain be
thomas peters @ uclouvain be
fstandae @ uclouvain be
History
2026-01-31: approved
2026-01-30: received
Short URL
https://ia.cr/2026/157
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2026/157,
      author = {Duyên Pay and Thomas Peters and François-Xavier Standaert},
      title = {In Mid-Stream: Removing the {FO}-Transform Helps against Leakage but is not Enough},
      howpublished = {Cryptology {ePrint} Archive, Paper 2026/157},
      year = {2026},
      url = {https://eprint.iacr.org/2026/157}
}