"HILA5 pindakaas" : on the CCA security of lattice-based encryption with error correction

Research output: Book/ReportReportAcademic

134 Downloads (Pure)

Abstract

We show that HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works around the error correction in HILA5. The attack applies to the HILA5 key-encapsulation mechanism (KEM), and also to the public-key encryption mechanism (PKE) obtained by NIST's procedure for combining the KEM with authenticated encryption. This contradicts the most natural interpretation of the IND-CCA security claim for HILA5.
Original languageEnglish
Place of Publications.l.
PublisherIACR
Number of pages14
Publication statusPublished - 2017

Publication series

NameCryptology ePrint Archive
Volume2017/1214

Fingerprint Dive into the research topics of '"HILA5 pindakaas" : on the CCA security of lattice-based encryption with error correction'. Together they form a unique fingerprint.

Cite this