[Resource Topic] 2019/043: A Generic Attack on Lattice-based Schemes using Decryption Errors with Application to ss-ntru-pke

Welcome to the resource topic for 2019/043

Title:
A Generic Attack on Lattice-based Schemes using Decryption Errors with Application to ss-ntru-pke

Authors: Qian Guo, Thomas Johansson, Alexander Nilsson

Abstract:

Hard learning problems are central topics in recent cryptographic research. Many cryptographic primitives relate their security to difficult problems in lattices, such as the shortest vector problem. Such schemes include the possibility of decryption errors with some very small probability. In this paper we propose and discuss a generic attack for secret key recovery based on generating decryption errors. In a standard PKC setting, the model first consists of a precomputation phase where special messages and their corresponding error vectors are generated. Secondly, the messages are submitted for decryption and some decryption errors are observed. Finally, a phase with a statistical analysis of the messages/errors causing the decryption errors reveals the secret key. The idea is that conditioned on certain secret keys, the decryption error probability is significantly higher than the average case used in the error probability estimation. The attack is demonstrated in detail on one NIST Post-Quantum Proposal, ss-ntru-pke, that is attacked with complexity below the claimed security level.

ePrint: https://eprint.iacr.org/2019/043

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .