Decryption Failure Attacks on IND-CCA Secure Lattice-Based Schemes
In this paper we investigate the impact of decryption failures on the chosen-ciphertext security of lattice-based primitives. We discuss a generic framework for secret key recovery based on decryption failures and present an attack on the NIST Post-Quantum Proposal ss-ntru-pke. Our framework is split into three parts: First, we use a technique to increase the failure rate of lattice-based schemes called failure boosting. Based on this technique we investigate the minimal effort for an adversary to obtain a failure in three cases: when he has access to a quantum computer, when he mounts a multi-target attack, or when he can only perform a limited number of oracle queries. Secondly, we examine the amount of information that an adversary can derive from failing ciphertexts. Finally, these techniques are combined in an overall analysis of the security of lattice-based schemes under a decryption failure attack. We show that an attacker could significantly reduce the security of lattice-based schemes that have a relatively high failure rate. However, for most of the NIST Post-Quantum Proposals, the number of required oracle queries is above practical limits. Furthermore, a new generic weak-key (multi-target) model on lattice-based schemes, which can be viewed as a variant of the previous framework, is proposed. This model further takes into consideration the weak-key phenomenon that a small fraction of keys can have a much larger decoding error probability for ciphertexts with certain key-related properties. We apply this model and present an attack in detail on the NIST Post-Quantum Proposal ss-ntru-pke with complexity below the claimed security level.
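The two mechanisms the abstract combines, failure boosting and key recovery from failing ciphertexts, can be seen on a toy scale. The following script is an added illustration for this record; it is not code from the paper or from any NIST submission, and it does not model ss-ntru-pke. It assumes a Kyber-style failure term (decryption fails when the inner product of the key vector S = (-s, e) and the ciphertext noise vector C = (e1, r) exceeds q/4), toy parameters (N = 32, coefficients uniform in [-2, 2], q = 113), the norm of C as the boosting criterion, and sign alignment against a running mean to merge failing ciphertexts; all of these are this example's own choices, and the function names are hypothetical.

```python
"""Toy model of the decryption-failure framework from the abstract above.

Added illustration, not code from the paper or any NIST submission.  Uses a
Kyber-style failure term: the receiver sees m*q/2 + <S, C>, with S = (-s, e)
the key's secret and noise and C = (e1, r) the ciphertext randomness, and
decryption fails when |<S, C>| > q/4 (the small e2 term is dropped).
All parameters are toy-sized assumptions chosen so failures are observable.
"""
import random

N = 32            # length of S and C (2n for an n-dimensional LWE instance)
ETA = 2           # coefficients of S and C are uniform in [-ETA, ETA]
Q = 113           # toy modulus (assumption)
THRESH = Q // 4   # decryption fails when |<S, C>| > THRESH (= 28)
VALUES = list(range(-ETA, ETA + 1))


def sample_vec(rng):
    """Honest sampling of a small vector (used for both S and C)."""
    return rng.choices(VALUES, k=N)


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def failure_prob(c):
    """Exact Pr[|<S, C>| > THRESH] over a fresh secret S, for a fixed C.

    Convolves the distributions of the independent terms S_i * c_i.  The
    attacker can evaluate this offline: it knows how S is distributed, not S.
    """
    dist = {0: 1.0}
    for ci in c:
        if ci == 0:
            continue
        nxt = {}
        for total, p in dist.items():
            for v in VALUES:
                nxt[total + ci * v] = nxt.get(total + ci * v, 0.0) + p / len(VALUES)
        dist = nxt
    return sum(p for t, p in dist.items() if abs(t) > THRESH)


def boosted_candidate(rng, k):
    """Failure boosting: draw k honest C and keep the one with the largest norm.
    In an FO-transformed KEM the search runs over messages/seeds; the k samples
    are the offline cost paid per oracle query."""
    return max((sample_vec(rng) for _ in range(k)), key=lambda c: dot(c, c))


def boosting_tradeoff(seed=2019, trials=40, k=64):
    """Failure probability of honest vs. boosted ciphertexts and the resulting
    expected work (oracle queries, offline samples) per observed failure."""
    rng = random.Random(seed)
    honest = sum(failure_prob(sample_vec(rng)) for _ in range(trials)) / trials
    boosted = sum(failure_prob(boosted_candidate(rng, k)) for _ in range(trials)) / trials
    return {
        "p_fail_honest": honest,
        "p_fail_boosted": boosted,
        "queries_per_failure_honest": 1 / honest,
        "queries_per_failure_boosted": 1 / boosted,
        "offline_samples_per_failure_boosted": k / boosted,
    }


def collect_failures(rng, secret, count):
    """Rejection-sample ciphertext noise vectors that really fail under this key."""
    fails = []
    while len(fails) < count:
        c = sample_vec(rng)
        if abs(dot(secret, c)) > THRESH:
            fails.append(c)
    return fails


def estimate_secret(fails, passes=2):
    """Direction of S from failing ciphertexts.  A failing C lies along +S or
    -S and the oracle does not say which, so each vector is flipped to agree
    with the running sum, then re-aligned against the final mean.  The result
    is +/-S up to one global sign (left to the lattice-reduction step, not
    modelled here)."""
    acc = list(fails[0])
    for c in fails[1:]:
        if dot(c, acc) < 0:
            c = [-x for x in c]
        acc = [a + x for a, x in zip(acc, c)]
    for _ in range(passes - 1):
        ref, acc = acc, [0] * N
        for c in fails:
            if dot(c, ref) < 0:
                c = [-x for x in c]
            acc = [a + x for a, x in zip(acc, c)]
    return [a / len(fails) for a in acc]


def key_recovery_demo(seed=2019, n_fail=300):
    """Returns (|cosine similarity|, fraction of nonzero coordinates of S whose
    sign the estimate gets right), both measured up to the global sign."""
    rng = random.Random(seed)
    secret = sample_vec(rng)
    est = estimate_secret(collect_failures(rng, secret, n_fail))
    cos = dot(secret, est) / (dot(secret, secret) ** 0.5 * dot(est, est) ** 0.5)
    sign = 1 if cos >= 0 else -1
    nz = [(s, e) for s, e in zip(secret, est) if s != 0]
    agree = sum(1 for s, e in nz if (s > 0) == (sign * e > 0)) / len(nz)
    return abs(cos), agree


if __name__ == "__main__":
    print(boosting_tradeoff())
    print(key_recovery_demo())
```

Running the script prints the boosting trade-off first: boosted ciphertexts fail noticeably more often than honest ones, so fewer oracle queries are needed per observed failure, but each query now costs k offline samples, which is exactly the query-versus-work trade-off the abstract's three attacker settings (quantum search, multi-target, bounded queries) vary. The second line shows that a few hundred failing ciphertexts already pin down the direction of S almost exactly; in a real scheme that estimate feeds a lattice-reduction step rather than being read off directly, and the toy's failure rate of roughly one percent is far above the rates of the NIST candidates, which is the reason the abstract reports that the required query counts there are mostly impractical.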
Saved in:
Main authors: | D'Anvers, Jan-Pieter; Guo, Qian; Johansson, Thomas; Nilsson, Alexander; Vercauteren, Frederik; Verbauwhede, Ingrid |
---|---|
Format: | Conference proceeding |
Language: | eng |
Online access: | Full text |
container_end_page | 598 |
---|---|
container_issue | |
container_start_page | 565 |
container_title | Public-Key Cryptography - PKC 2019 |
container_volume | 11443 |
creator | D'Anvers, Jan-Pieter; Guo, Qian; Johansson, Thomas; Nilsson, Alexander; Vercauteren, Frederik; Verbauwhede, Ingrid |
description | In this paper we investigate the impact of decryption failures on the chosen-ciphertext security of lattice-based primitives. We discuss a generic framework for secret key recovery based on decryption failures and present an attack on the NIST Post-Quantum Proposal ss-ntru-pke. Our framework is split into three parts: First, we use a technique to increase the failure rate of lattice-based schemes called failure boosting. Based on this technique we investigate the minimal effort for an adversary to obtain a failure in three cases: when he has access to a quantum computer, when he mounts a multi-target attack, or when he can only perform a limited number of oracle queries. Secondly, we examine the amount of information that an adversary can derive from failing ciphertexts. Finally, these techniques are combined in an overall analysis of the security of lattice-based schemes under a decryption failure attack. We show that an attacker could significantly reduce the security of lattice-based schemes that have a relatively high failure rate. However, for most of the NIST Post-Quantum Proposals, the number of required oracle queries is above practical limits. Furthermore, a new generic weak-key (multi-target) model on lattice-based schemes, which can be viewed as a variant of the previous framework, is proposed. This model further takes into consideration the weak-key phenomenon that a small fraction of keys can have a much larger decoding error probability for ciphertexts with certain key-related properties. We apply this model and present an attack in detail on the NIST Post-Quantum Proposal ss-ntru-pke with complexity below the claimed security level. |
format | Conference Proceeding |
identifier | ISSN: 0302-9743; ISBN: 3030172597; ISBN: 9783030172596 |
ispartof | Public-Key Cryptography - PKC 2019, 2019, Vol.11443, p.565-598 |
issn | 0302-9743 |
publisher | Springer International Publishing |
contributor (editors) | Sako, Kazue; Lin, Dongdai |
date | 2019-04-06 |
language | eng |
recordid | cdi_kuleuven_dspace_123456789_641878 |
source | Lirias (KU Leuven Association); Springer Books |
title | Decryption Failure Attacks on IND-CCA Secure Lattice-Based Schemes |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-29T18%3A39%3A40IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-kuleuven&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Decryption%20Failure%20Attacks%20on%20IND-CCA%20Secure%20Lattice-Based%20Schemes&rft.btitle=Public-Key%20Cryptography%20-%20PKC%202019&rft.au=D%20Anvers,%20Jan-Pieter&rft.date=2019-04-06&rft.volume=11443&rft.spage=565&rft.epage=598&rft.pages=565-598&rft.issn=0302-9743&rft.isbn=3030172597&rft.isbn_list=9783030172596&rft_id=info:doi/&rft_dat=%3Ckuleuven%3E123456789_641878%3C/kuleuven%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |