Generic CCA Secure Key Homomorphic KEM and Updatable Public Key Encryption

Updatable Public Key Encryption (UPKE) is a technique for updating public and private keys in secure messaging protocols, which was initially introduced by Jost et al. (EUROCRYPTO '19). Alwen et al. (CRYPTO '20) later provided an IND-CPA secure UPKE. Asano et al., in turn, applied the FO transformation to UPKE outputs to achieve IND-CCA security. However, their approach doubles the time complexity, as they treat the IND-CPA UPKE as a black box that runs the encryption process once. In this paper, we formalize an IND-CCA model for key encapsulation mechanisms that involve a one-way homomorphic function which is named key homomorphism (KhKEM). If we construct a UPKE scheme from an IND-CCA KhKEM, a one-way secure pseudorandom generator, and an IND-CCA Encrypt-then-MAC symmetric encryption scheme, we demonstrate that this generic hybrid UPKE design will be IND-CCA secure. We finally consider three KhKEM instances and discuss the parameters and efficiency. We show that our scheme has better efficiency compared with Asano et al.'s scheme.