Do Not Bound to a Single Position: Near-Optimal Multi-Positional Mismatch Attacks Against Kyber and Saber

Qian Guo; Erik Mårtensson

doi:10.1007/978-3-031-40003-2_11

Do Not Bound to a Single Position: Near-Optimal Multi-Positional Mismatch Attacks Against Kyber and Saber

Qian Guo, Erik Mårtensson

University of Bergen

Research output: Chapter in Book/Report/Conference proceeding › Paper in conference proceeding › peer-review

Abstract

Misuse resilience is an important security criterion in the evaluation of the NIST Post-quantum cryptography standardization process. In this paper, we propose new key mismatch attacks against Kyber and Saber, NIST's selected scheme for encryption and one of the finalists in the third round of the NIST competition, respectively. Our novel idea is to recover partial information of multiple secret entries in each mismatch oracle call. These multi-positional attacks greatly reduce the expected number of oracle calls needed to fully recover the secret key. They also have significance in side-channel analysis.
From the perspective of lower bounds, our new attacks falsify the Huffman bounds proposed in [Qin et al. ASIACRYPT 2021], where a one-positional mismatch adversary is assumed. Our new attacks can be bounded by the Shannon lower bounds, i.e., the entropy of the distribution generating each secret coefficient times the number of secret entries. We call the new attacks "near-optimal" since their query complexities are close to the Shannon lower bounds.

Original language	English
Title of host publication	The 14th International Conference on Post-Quantum Cryptography (PQCrypto 2023)
Publisher	Springer
Pages	291-320
Number of pages	30
ISBN (Electronic)	978-3-031-40003-2
ISBN (Print)	978-3-031-40002-5
DOIs	https://doi.org/10.1007/978-3-031-40003-2_11
Publication status	Published - 2023
Event	The 14th International Conference on Post-Quantum Cryptography - Stamp Student Union, University of Maryland, College Park, United States Duration: 2023 Aug 16 → 2023 Aug 18 https://pqcrypto2023.umiacs.io/

Conference

Conference	The 14th International Conference on Post-Quantum Cryptography
Abbreviated title	PQCrypto 2023
Country/Territory	United States
City	College Park
Period	2023/08/16 → 2023/08/18
Internet address	https://pqcrypto2023.umiacs.io/

Subject classification (UKÄ)

Other Electrical Engineering, Electronic Engineering, Information Engineering

Access to Document

10.1007/978-3-031-40003-2_11

https://eprint.iacr.org/2022/983

Cite this

@inproceedings{93d6006297104753bce7dc1a3d96e829,

title = "Do Not Bound to a Single Position: Near-Optimal Multi-Positional Mismatch Attacks Against Kyber and Saber",

abstract = "Misuse resilience is an important security criterion in the evaluation of the NIST Post-quantum cryptography standardization process. In this paper, we propose new key mismatch attacks against Kyber and Saber, NIST's selected scheme for encryption and one of the finalists in the third round of the NIST competition, respectively. Our novel idea is to recover partial information of multiple secret entries in each mismatch oracle call. These multi-positional attacks greatly reduce the expected number of oracle calls needed to fully recover the secret key. They also have significance in side-channel analysis.From the perspective of lower bounds, our new attacks falsify the Huffman bounds proposed in [Qin et al. ASIACRYPT 2021], where a one-positional mismatch adversary is assumed. Our new attacks can be bounded by the Shannon lower bounds, i.e., the entropy of the distribution generating each secret coefficient times the number of secret entries. We call the new attacks {"}near-optimal{"} since their query complexities are close to the Shannon lower bounds.",

author = "Qian Guo and Erik M{\aa}rtensson",

year = "2023",

doi = "10.1007/978-3-031-40003-2_11",

language = "English",

isbn = "978-3-031-40002-5",

pages = " 291--320",

booktitle = "The 14th International Conference on Post-Quantum Cryptography (PQCrypto 2023)",

publisher = "Springer",

address = "Germany",

note = "The 14th International Conference on Post-Quantum Cryptography, PQCrypto 2023 ; Conference date: 16-08-2023 Through 18-08-2023",

url = "https://pqcrypto2023.umiacs.io/",

}

Guo, Q & Mårtensson, E 2023, Do Not Bound to a Single Position: Near-Optimal Multi-Positional Mismatch Attacks Against Kyber and Saber. in The 14th International Conference on Post-Quantum Cryptography (PQCrypto 2023). Springer, pp. 291-320, The 14th International Conference on Post-Quantum Cryptography, College Park, Maryland, United States, 2023/08/16. https://doi.org/10.1007/978-3-031-40003-2_11

TY - GEN

T1 - Do Not Bound to a Single Position: Near-Optimal Multi-Positional Mismatch Attacks Against Kyber and Saber

AU - Guo, Qian

AU - Mårtensson, Erik

PY - 2023

Y1 - 2023

N2 - Misuse resilience is an important security criterion in the evaluation of the NIST Post-quantum cryptography standardization process. In this paper, we propose new key mismatch attacks against Kyber and Saber, NIST's selected scheme for encryption and one of the finalists in the third round of the NIST competition, respectively. Our novel idea is to recover partial information of multiple secret entries in each mismatch oracle call. These multi-positional attacks greatly reduce the expected number of oracle calls needed to fully recover the secret key. They also have significance in side-channel analysis.From the perspective of lower bounds, our new attacks falsify the Huffman bounds proposed in [Qin et al. ASIACRYPT 2021], where a one-positional mismatch adversary is assumed. Our new attacks can be bounded by the Shannon lower bounds, i.e., the entropy of the distribution generating each secret coefficient times the number of secret entries. We call the new attacks "near-optimal" since their query complexities are close to the Shannon lower bounds.

AB - Misuse resilience is an important security criterion in the evaluation of the NIST Post-quantum cryptography standardization process. In this paper, we propose new key mismatch attacks against Kyber and Saber, NIST's selected scheme for encryption and one of the finalists in the third round of the NIST competition, respectively. Our novel idea is to recover partial information of multiple secret entries in each mismatch oracle call. These multi-positional attacks greatly reduce the expected number of oracle calls needed to fully recover the secret key. They also have significance in side-channel analysis.From the perspective of lower bounds, our new attacks falsify the Huffman bounds proposed in [Qin et al. ASIACRYPT 2021], where a one-positional mismatch adversary is assumed. Our new attacks can be bounded by the Shannon lower bounds, i.e., the entropy of the distribution generating each secret coefficient times the number of secret entries. We call the new attacks "near-optimal" since their query complexities are close to the Shannon lower bounds.

U2 - 10.1007/978-3-031-40003-2_11

DO - 10.1007/978-3-031-40003-2_11

M3 - Paper in conference proceeding

SN - 978-3-031-40002-5

SP - 291

EP - 320

BT - The 14th International Conference on Post-Quantum Cryptography (PQCrypto 2023)

PB - Springer

T2 - The 14th International Conference on Post-Quantum Cryptography

Y2 - 16 August 2023 through 18 August 2023

ER -

Do Not Bound to a Single Position: Near-Optimal Multi-Positional Mismatch Attacks Against Kyber and Saber

Abstract

Conference

Subject classification (UKÄ)

Access to Document

Fingerprint

Cite this