A Systematic Approach and Analysis of Key Mismatch Attacks on Lattice-Based NIST Candidate KEMs

Qin, Yue; Zhang, Xiaohan; Pan, Yanbin; Hu, Lei; Ding, Jíntai

doi:10.1007/978-3-030-92068-5_4

Cited by 16 publications

(5 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In 2019, Bauer et al [ 18 ] gave a key-recovery attack on NewHope-CPA-PKE [ 19 ]. In 2021, Yue Qin et al developed a systematic approach and analyzed key misuse attacks on lattice-based NIST candidates [ 20 ]. Although there have been a number of classical key misuse attacks on the lattice-based public key encryption schemes, quantum misuse attack algorithms are rarely studied.…”

Section: Introductionmentioning

confidence: 99%

Quantum Misuse Attack on Frodo

Wang¹,

Jiang²,

Ma³

2022

Entropy

View full text Add to dashboard Cite

Research on the security of lattice-based public-key encryption schemes against misuse attacks is an important part of the cryptographic assessment of the National Institute of Standards and Technology (NIST) post-quantum cryptography (PQC) standardization process. In particular, many NIST-PQC cryptosystems follow the same meta-cryptosystem. At EUROCRYPT 2019, Ba˘etu et al. mounted a classical key recovery under plaintext checking attacks (KR-PCA) and a quantum key recovery under chosen ciphertext attacks (KR-CCA). They analyzed the security of the weak version of nine submissions to NIST. In this paper, we focus on learning with error (LWE)-based FrodoPKE, whose IND-CPA security is tightly related to the hardness of plain LWE problems. We first review the meta-cryptosystem and quantum algorithm for solving quantum LWE problems. Then, we consider the case where the noise follows a discrete Gaussian distribution and recompute the success probability for quantum LWE by using Hoeffding bound. Finally, we give a quantum key recovery algorithm based on LWE under CCA attack and analyze the security of Frodo. Compared with the existing work of Ba˘etu et al., our method reduces the number of queries from 22 to 1 with the same success probability.

show abstract

Section: Introductionmentioning

confidence: 99%

Quantum Misuse Attack on Frodo

Wang¹,

Jiang²,

Ma³

2022

Entropy

View full text Add to dashboard Cite

show abstract

“…However, it is also possible for an attacker to submit chosen-ciphertexts in an adaptive manner, to perform recovery of single coe cients in a greedy manner. After publishing our work, Qin et al [341] demonstrated improved theoretical CCAs for IND-CPA secure LWE/LWR-based schemes, where they proposed to submit queries to the decapsulation procedure in an adaptive manner, reducing the total number of queries for full key recovery.…”

Section: Resultsmentioning

confidence: 99%

“…However, the exact number of queries/traces for key recovery can be decreased if the attacker adopts an adaptive approach in submitting chosen-ciphertexts for key recovery [341].…”

Section: Resultsmentioning

confidence: 99%

“…While the estimate of 2560 queries for Kyber512 was obtained assuming a nonadaptive attacker, an attacker can submit queries in an adaptive manner to reduce the number of queries for key recovery. In this respect, Qin et al [341] later demonstrated that about 1216 queries are su cient for full key recovery over Kyber512. This estimate can also be applied to our attack conducted in a sidechannel setting for key recovery.…”

Section: Resultsmentioning

confidence: 99%

“…More recently, Ueno et al [278] proposed improved methods to construct chosen-ciphertexts to reduce the number of queries for key recovery [65,341], and also to perform e cient key recovery in the presence of a non-perfect side-channel binary PC oracle [230].…”

Section: Key Recovery Phasementioning

confidence: 99%

See 2 more Smart Citations

Implementation attacks on post-quantum lattice-based cryptography

Ravi¹

View full text Add to dashboard Cite

His valuable insights has allowed me to grow both professionally as well as in my personal life. I would like to take this opportunity and thank him for the constant motivation and guidance, and the wonderful PhD journey! I would also like to express my sincere and heartfelt gratitude towards my co-supervisor Dr. Shivam Bhasin, Technological University, Singapore, who has been a pillar of support and more than just a supervisor throughout my entire PhD journey. I am eternally grateful to both of you, for having trusted me and providing me this opportunity to pursue my PhD with the fullest support, guidance and at the same time, with so much freedom.I would also like to specially thank Dr. Sujoy Sinha Roy, IAIK, TU Graz, Austria for all the guidance you have provided me throughout my PhD journey. My sincere thanks to the members of Thesis Advisory Committee for always providing me valuable suggestions. I would also like to thank all the co-authors of all the publications listed in this thesis, for their valuable contribution.And of course, I would like to thank my family (Amma, Appa, Aunty, Uncle) and especially my wife Shenbaga for being there for me. A special word of gratitude to my friends, Dhivya, Rachel, Salow and Bala for their support. P.S. Thank you GVM... Prasanna Ravi, May 2023 xi "In a way, these things are like gold nuggets that God left in the forest. If I'm walking along in the forest and I stubbed my toe on it, who's to say I deserve credit for

show abstract

Small Leaks Sink a Great Ship: An Evaluation of Key Reuse Resilience of PQC Third Round Finalist NTRU-HRSS

Zhang

Ding

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

A Systematic Approach and Analysis of Key Mismatch Attacks on Lattice-Based NIST Candidate KEMs

Cited by 16 publications

References 34 publications

Quantum Misuse Attack on Frodo

Quantum Misuse Attack on Frodo

Implementation attacks on post-quantum lattice-based cryptography

Small Leaks Sink a Great Ship: An Evaluation of Key Reuse Resilience of PQC Third Round Finalist NTRU-HRSS

Contact Info

Product

Resources

About