Welcome to the resource topic for 2023/1892
Title:
Asymptotics of hybrid primal lattice attacks
Authors: Daniel J. Bernstein
Abstract:The literature gives the impression that (1) existing heuristics accurately predict how effective lattice attacks are, (2) non-ternary lattice systems are not vulnerable to hybrid multi-decoding primal attacks, and (3) the asymptotic exponents of attacks against non-ternary systems have stabilized.
This paper shows that 1 contradicts 2 and that 1 contradicts 3: the existing heuristics imply that hybrid primal key-recovery attacks are exponentially faster than standard non-hybrid primal key-recovery attacks against the LPR PKE with any constant error width. This is the first report since 2015 of an exponential speedup in heuristic non-quantum primal attacks against non-ternary LPR.
Quantitatively, for dimension n, modulus n^{Q_0+o(1)}, and error width w, a surprisingly simple hybrid attack reduces heuristic costs from 2^{(ρ+o(1))n} to 2^{(ρ-ρ H_0+o(1))n}, where z_0=2Q_0/(Q_0+1/2)^2, ρ=z_0 log_4(3/2), and H_0=1/(1+(lg w)/0.057981z_0). This raises the questions of (1) what heuristic exponent is achieved by more sophisticated hybrid attacks and (2) what impact hybrid attacks have upon concrete cryptosystems whose security analyses have ignored hybrid attacks, such as Kyber-512.
ePrint: https://eprint.iacr.org/2023/1892
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .