"HILA5 pindakaas" : on the CCA security of lattice-based encryption with error correction

D.J. Bernstein; L.  Groot Bruinderink; T. Lange; L. Panny

"HILA5 pindakaas" : on the CCA security of lattice-based encryption with error correction

D.J. Bernstein, L. Groot Bruinderink, T. Lange, L. Panny

Research output: Book/Report › Report › Academic

134 Downloads (Pure)

Abstract

We show that HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works around the error correction in HILA5. The attack applies to the HILA5 key-encapsulation mechanism (KEM), and also to the public-key encryption mechanism (PKE) obtained by NIST's procedure for combining the KEM with authenticated encryption. This contradicts the most natural interpretation of the IND-CCA security claim for HILA5.

Original language	English
Place of Publication	s.l.
Publisher	IACR
Number of pages	14
Publication status	Published - 2017

Publication series

Name	Cryptology ePrint Archive
Volume	2017/1214

Access to Document

publishers versionFinal published version, 435 KB

https://eprint.iacr.org/2017/1214

Fingerprint Dive into the research topics of '"HILA5 pindakaas" : on the CCA security of lattice-based encryption with error correction'. Together they form a unique fingerprint.

Cite this

@book{8e35c58ca9624a789d8004a72bf76e2d,

title = "{"}HILA5 pindakaas{"} : on the CCA security of lattice-based encryption with error correction",

abstract = "We show that HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works around the error correction in HILA5. The attack applies to the HILA5 key-encapsulation mechanism (KEM), and also to the public-key encryption mechanism (PKE) obtained by NIST's procedure for combining the KEM with authenticated encryption. This contradicts the most natural interpretation of the IND-CCA security claim for HILA5. ",

author = "D.J. Bernstein and {Groot Bruinderink}, L. and T. Lange and L. Panny",

year = "2017",

language = "English",

series = "Cryptology ePrint Archive",

publisher = "IACR",

}

TY - BOOK

T1 - "HILA5 pindakaas" : on the CCA security of lattice-based encryption with error correction

AU - Bernstein, D.J.

AU - Groot Bruinderink, L.

AU - Lange, T.

AU - Panny, L.

PY - 2017

Y1 - 2017

N2 - We show that HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works around the error correction in HILA5. The attack applies to the HILA5 key-encapsulation mechanism (KEM), and also to the public-key encryption mechanism (PKE) obtained by NIST's procedure for combining the KEM with authenticated encryption. This contradicts the most natural interpretation of the IND-CCA security claim for HILA5.

AB - We show that HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works around the error correction in HILA5. The attack applies to the HILA5 key-encapsulation mechanism (KEM), and also to the public-key encryption mechanism (PKE) obtained by NIST's procedure for combining the KEM with authenticated encryption. This contradicts the most natural interpretation of the IND-CCA security claim for HILA5.

M3 - Report

T3 - Cryptology ePrint Archive

BT - "HILA5 pindakaas" : on the CCA security of lattice-based encryption with error correction

PB - IACR

CY - s.l.

ER -