Black-box tests for Fujisaki-Okamoto decapsulation observe the sampled execution seen by the harness, whereas the reencryption computation itself is visible only through the values that reach final key derivation. We study confirmation-code-augmented KEM variants under an honest-reference harness in which the reference encapsulation fixes a hidden final-key point $\langle good,B,W\rangle$, with $W$ the confirmation witness. For a $q$-localized system under test, acceptance is bounded by honest correctness error, adversarial aliasing, final-key freshness defects, a hit on the localized suffix list $Q_G(B)$, and $2^{-\kappa}$. A one-query construction from any predictor of $W$ matches this bound up to the fresh-key coincidence term, so the list-hit event is the black-box obstruction measured by the harness. The list-hit term is bounded either by a cUP-faithful harness certificate, which transfers source confirmation-code unpredictability with a $q$-loss, or by an average conditional min-entropy bound, with separate RawEnt and TailEnt hypotheses for short diagnostic and truncation-tail codes. The same model proves a dependency-cone lower bound for non-certification claims. When the black-box observation of an honest-support harness factors through the confirmation-observable final-key target, every operation outside the support-active cone has a coupled erasure implementation with the same transcript distribution; over any implementation class containing that erasure, soundness and completeness errors of an execution certifier satisfy $\alpha+\beta\ge 1$. The ML-KEM and HQC case studies distinguish theorem-covered positive rows, finite-catalog artifact rows, and non-certification rows that carry a cone-inactivity certificate. The security of the standard KEM lines is the construction-level security supplied by the cited source analyses.
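A toy illustration of the erasure argument, added here and not taken from the paper: a harness that only feeds honestly encapsulated ciphertexts sees identical final keys from a decapsulation that performs the reencryption comparison and from one with that comparison erased. The hashed-ElGamal-style toy PKE, the small modulus, the key-derivation labels and all function names are assumptions made for the example, and the confirmation code and the cone formalism are not modeled.

```python
import hashlib, secrets

P, G = 2**127 - 1, 3  # toy group (constructed; far too small for real use)

def H(*parts):  # length-prefixed SHA-256 over byte strings
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def ib(x): return x.to_bytes(16, "big")

def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

def keygen():  # returns pk, sk, implicit-rejection secret z
    sk = secrets.randbelow(P - 2) + 1
    return pow(G, sk, P), sk, secrets.token_bytes(32)

def enc(pk, m):  # derandomized: coins r are derived from m
    r = int.from_bytes(H(b"r", m, ib(pk)), "big") % (P - 1)
    return pow(G, r, P), xor(m, H(b"pad", ib(pow(pk, r, P))))

def dec(sk, c):
    return xor(c[1], H(b"pad", ib(pow(c[0], sk, P))))

def kdf(label, x, c): return H(label, x, ib(c[0]), c[1])

def encaps(pk):
    m = secrets.token_bytes(32)
    c = enc(pk, m)
    return c, kdf(b"good", m, c)

def decaps_fo(pk, sk, z, c):  # with the reencryption comparison
    m = dec(sk, c)
    return kdf(b"good", m, c) if enc(pk, m) == c else kdf(b"bad", z, c)

def decaps_erased(pk, sk, z, c):  # comparison erased
    return kdf(b"good", dec(sk, c), c)

def honest_harness(decaps, trials=50):  # honest-support inputs only
    pk, sk, z = keygen()
    return all(decaps(pk, sk, z, c) == k
               for c, k in (encaps(pk) for _ in range(trials)))

def rejects_tampered(decaps):  # negative test outside the honest support
    pk, sk, z = keygen()
    c, _ = encaps(pk)
    bad = (c[0], xor(c[1], b"\x01") + c[1][1:])
    return decaps(pk, sk, z, bad) == kdf(b"bad", z, bad)
```

Both decapsulations pass `honest_harness`; only `rejects_tampered`, which leaves the honest support, separates them.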