Welcome to the resource topic for 2025/1496
Title: Noise-Tolerant Plaintext-Checking Oracle Attacks – A Soft-Analytic Approach Applied to ML-KEM
Authors: Julius Hermelink, Erik Mårtensson, Maggie Tran
Abstract: Plaintext-checking (PC) oracles are among the most prominent types of attacks against the recently standardized ML-KEM. Previous works have drastically reduced the number of queries to recover the secret key. While the number of traces is close to the information theoretic bound, current attacks have not yet been adapted to settings with increased noise and highly imperfect oracles.
In attacks targeting real-world protected implementations, we have to expect noisy information leading to oracles that only give a small advantage over guessing. In this work, we show how to deal with imperfect oracles arising from side-channels under a high noise level. We present several new highly noise-tolerant parallel PC-oracle attacks. Our attacks rely on soft-analytic techniques and can deal with just a slight advantage over guessing. We present several attacks that either optimally update the sub-key distribution or compute approximations to the marginals. In addition, we extend the generic framework for side-channel information from Eurocrypt 2025.
We then discuss several oracle instantiations based on the noisy Hamming weight model. These oracles rely on widely accepted assumptions while also being easy to simulate and allowing for fair comparisons between different attacks. Furthermore, we take masking countermeasures into account. Our evaluations in these and previous models show that PC-oracle attacks are highly noise-tolerant – on an entirely different scale compared to previous work. These improvements are of algorithmic nature and orthogonal to the fact that the Fujisaki-Okamoto transform in ML-KEM offers a large attack surface. We discuss the implications of our findings for protected ML-KEM implementations.
ePrint: https://eprint.iacr.org/2025/1496
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics.