
Lund University Publications


The Perils of Limited Key Reuse: Adaptive and Parallel Mismatch Attacks with Post-processing Against Kyber

Guo, Qian; Mårtensson, Erik and Åström, Adrian (2024) In IACR Communications in Cryptology 1(3).
Abstract
The Module Learning With Errors (MLWE)-based Key Encapsulation Mechanism (KEM) Kyber is NIST's new standard scheme for post-quantum encryption. As a building block, Kyber uses a Chosen Plaintext Attack (CPA)-secure Public Key Encryption (PKE) scheme, referred to as Kyber.CPAPKE. In this paper we study the robustness of Kyber.CPAPKE against key mismatch attacks.

We demonstrate that Kyber's security levels can be compromised given access to a few mismatch queries to Kyber.CPAPKE, by striking a balance between the parallelization level and the cost of lattice reduction for post-processing. This highlights the imperative need to strictly prohibit key reuse in Kyber.CPAPKE.

We further propose an adaptive method to enhance parallel mismatch attacks, initially proposed by Shao et al. at AsiaCCS 2024, thereby significantly reducing query complexity. This method combines the adaptive attack with post-processing via lattice reduction to retrieve the final secret key entries. Our method proves its efficacy by reducing query complexity by 14.6 % for Kyber512 and 7.5 % for Kyber768/Kyber1024.

Furthermore, this approach has the potential to improve multi-value Plaintext-Checking (PC) oracle-based side-channel attacks and fault-injection attacks against Kyber itself.
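To make concrete what a "mismatch query" against a key-reusing Kyber.CPAPKE peer buys an attacker, the following is an added Python illustration constructed for this page; it is not the authors' code and does not reproduce the paper's parallel or adaptive techniques or the lattice-reduction post-processing. It assumes a toy Kyber-like CPA-PKE with module rank k = 1, degree N = 8 instead of 256, no ciphertext compression, and an oracle (the hypothetical MismatchOracle class) that answers whether Dec(sk, ct) equals a guessed message. Because the key is reused, every query leaks one bit about one secret coefficient, and a binary search over decryption thresholds recovers the full secret in at most 3 queries per coefficient for eta = 2. The function names recover_secret, roundtrip_ok and run_attack are the example's own.

```python
"""Toy key-mismatch attack on a Kyber-like CPA-PKE whose secret key is reused.

Constructed illustration, not the paper's code: k = 1, N = 8, no ciphertext
compression, and the mismatch oracle is modelled directly as Dec(sk, ct) == m'.
"""
import random

N = 8        # polynomial degree (toy; Kyber uses 256)
Q = 3329     # Kyber modulus
ETA = 2      # secret/noise coefficients lie in [-ETA, ETA] (eta1 of Kyber768/1024)

def poly_mul(a, b):
    """Schoolbook multiplication in Z_Q[x]/(x^N + 1) (negacyclic wrap-around)."""
    res = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            if i + j < N:
                res[i + j] = (res[i + j] + ai * bj) % Q
            else:
                res[i + j - N] = (res[i + j - N] - ai * bj) % Q
    return res

def poly_add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]

def poly_sub(a, b):
    return [(x - y) % Q for x, y in zip(a, b)]

def small_poly(rng):
    return [rng.randint(-ETA, ETA) for _ in range(N)]

def keygen(rng):
    """pk = (a, t = a*s + e), sk = s, as in Kyber.CPAPKE with k = 1."""
    a = [rng.randrange(Q) for _ in range(N)]
    s, e = small_poly(rng), small_poly(rng)
    return (a, poly_add(poly_mul(a, s), e)), s

def encrypt(pk, m_bits, rng):
    a, t = pk
    r, e1, e2 = small_poly(rng), small_poly(rng), small_poly(rng)
    u = poly_add(poly_mul(a, r), e1)
    enc_m = [((Q + 1) // 2) * b for b in m_bits]          # Decompress_q(m, 1)
    v = poly_add(poly_add(poly_mul(t, r), e2), enc_m)
    return u, v

def decrypt(s, ct):
    u, v = ct
    w = poly_sub(v, poly_mul(s, u))
    # Compress_q(w, 1): the bit is 1 exactly when 833 <= w <= 2496 for Q = 3329
    return [((2 * x + Q // 2) // Q) & 1 for x in w]

class MismatchOracle:
    """Hypothetical peer that reuses sk and leaks whether Dec(sk, ct) == m'."""
    def __init__(self, s):
        self._s = s
        self.queries = 0

    def __call__(self, ct, m_guess):
        self.queries += 1
        return decrypt(self._s, ct) == m_guess

def recover_secret(oracle):
    """Recover s coefficient by coefficient with a binary search over thresholds.

    Query ciphertext: u = 1 (constant polynomial) and v = (Q//4 + t) * x^i.
    Coefficient i of v - s*u is Q//4 + t - s_i, which decodes to 1 iff s_i < t;
    every other coefficient is -s_j mod Q and decodes to 0 because |s_j| <= ETA.
    Hence oracle((u, v), all-zero message) is False exactly when s_i < t.
    """
    zero_msg = [0] * N
    u = [1] + [0] * (N - 1)
    recovered = []
    for i in range(N):
        def s_i_below(t):
            v = [0] * N
            v[i] = (Q // 4 + t) % Q
            return not oracle((u, v), zero_msg)

        lo, hi = -ETA, ETA                      # s_i is known to lie in [lo, hi]
        while lo < hi:
            mid = (lo + hi + 1) // 2
            if s_i_below(mid):
                hi = mid - 1
            else:
                lo = mid
        recovered.append(lo)
    return recovered

def roundtrip_ok(seed=0):
    """Sanity check that the toy PKE decrypts correctly (noise stays below Q/4)."""
    rng = random.Random(seed)
    pk, s = keygen(rng)
    m = [rng.randint(0, 1) for _ in range(N)]
    return decrypt(s, encrypt(pk, m, rng)) == m

def run_attack(seed=1):
    """Return (true secret, recovered secret, number of mismatch queries used)."""
    rng = random.Random(seed)
    _, s = keygen(rng)
    oracle = MismatchOracle(s)
    return s, recover_secret(oracle), oracle.queries

if __name__ == "__main__":
    s, s_rec, n_queries = run_attack()
    print("secret    :", s)
    print("recovered :", s_rec)
    print("queries   :", n_queries, "for", N, "coefficients")
```

The toy needs roughly 3N queries because each query settles one coefficient by one comparison. In real Kyber the ciphertext components u and v are compressed before transmission, so the attacker's threshold values are quantized and must be chosen with that in mind, and the parallel attacks of Shao et al. that the paper builds on set several coefficients per query and guess combined messages to bring the count down further; the abstract's 14.6 % and 7.5 % figures refer to those optimized attacks, not to this sequential baseline.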
author: Guo, Qian; Mårtensson, Erik; Åström, Adrian
publishing date: 2024-10
type: Contribution to journal
publication status: published
in: IACR Communications in Cryptology
volume: 1
issue: 3
DOI: 10.62056/a3n5qj888
language: English
LU publication?: yes
id: e3ed6bca-bca8-442f-9f83-67f6d3d325ea
date added to LUP: 2024-10-15 14:24:52
date last changed: 2025-04-04 15:21:26
@article{e3ed6bca-bca8-442f-9f83-67f6d3d325ea,
  abstract     = {{The Module Learning With Errors (MLWE)-based Key Encapsulation Mechanism (KEM) Kyber is NIST's new standard scheme for post-quantum encryption. As a building block, Kyber uses a Chosen Plaintext Attack (CPA)-secure Public Key Encryption (PKE) scheme, referred to as Kyber.CPAPKE. In this paper we study the robustness of Kyber.CPAPKE against key mismatch attacks. We demonstrate that Kyber's security levels can be compromised given access to a few mismatch queries to Kyber.CPAPKE, by striking a balance between the parallelization level and the cost of lattice reduction for post-processing. This highlights the imperative need to strictly prohibit key reuse in Kyber.CPAPKE. We further propose an adaptive method to enhance parallel mismatch attacks, initially proposed by Shao et al. at AsiaCCS 2024, thereby significantly reducing query complexity. This method combines the adaptive attack with post-processing via lattice reduction to retrieve the final secret key entries. Our method proves its efficacy by reducing query complexity by 14.6 % for Kyber512 and 7.5 % for Kyber768/Kyber1024. Furthermore, this approach has the potential to improve multi-value Plaintext-Checking (PC) oracle-based side-channel attacks and fault-injection attacks against Kyber itself.}},
  author       = {{Guo, Qian and Mårtensson, Erik and Åström, Adrian}},
  language     = {{eng}},
  month        = {{10}},
  number       = {{3}},
  series       = {{IACR Communications in Cryptology}},
  title        = {{The Perils of Limited Key Reuse: Adaptive and Parallel Mismatch Attacks with Post-processing Against Kyber}},
  url          = {{http://dx.doi.org/10.62056/a3n5qj888}},
  doi          = {{10.62056/a3n5qj888}},
  volume       = {{1}},
  year         = {{2024}},
}