Misuse Attacks on Post-quantum Cryptosystems

  • Ciprian Băetu
  • F. Betül Durak
  • Loïs Huguenin-Dumittan
  • Abdullah Talayhan
  • Serge Vaudenay
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11477)

Abstract

Many post-quantum cryptosystems which have been proposed in the National Institute of Standards and Technology (NIST) standardization process follow the same meta-algorithm, but in different algebras or different encoding methods. They usually propose two constructions, one being weaker and the other requiring a random oracle. We focus on the weak version of nine submissions to NIST. Submitters claim no security when the secret key is used several times. In this paper, we analyze how easy it is to run a key recovery under multiple key reuse. We mount a classical key recovery under plaintext checking attacks (i.e., with a plaintext checking oracle saying if a given ciphertext decrypts well to a given plaintext) and a quantum key recovery under chosen ciphertext attacks. In the latter case, we assume quantum access to the decryption oracle.

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Ciprian Băetu (corresponding author), EPFL, Lausanne, Switzerland
  • F. Betül Durak, EPFL, Lausanne, Switzerland
  • Loïs Huguenin-Dumittan, EPFL, Lausanne, Switzerland
  • Abdullah Talayhan, EPFL, Lausanne, Switzerland
  • Serge Vaudenay, EPFL, Lausanne, Switzerland