HILA5 pindakaas: on the CCA security of lattice-based encryption with error correction

Daniel J. Bernstein; Leon Groot Bruinderink; Tanja Lange; Lorenz Panny

doi:10.1007/978-3-319-89339-6_12

HILA5 pindakaas: on the CCA security of lattice-based encryption with error correction

Daniel J. Bernstein, Leon Groot Bruinderink, Tanja Lange, Lorenz Panny

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

10 Citations (Scopus)

2 Downloads (Pure)

Abstract

We show that the NISTPQC submission HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works around the error correction in HILA5. The attack applies to the HILA5 key-encapsulation mechanism (KEM), and also to the public-key encryption mechanism (PKE) obtained by NIST’s procedure for combining the KEM with authenticated encryption. This contradicts the most natural interpretation of the IND-CCA security claim for HILA5.

Original language	English
Title of host publication	Progress in Cryptology - AFRICACRYPT 2018
Subtitle of host publication	10th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, Proceedings
Editors	A. Joux, A. Nitaj, T. Rachidi
Place of Publication	Dordrecht
Publisher	Springer
Pages	203-216
Number of pages	14
ISBN (Electronic)	978-3-319-89339-6
ISBN (Print)	978-3-319-89338-9
DOIs	https://doi.org/10.1007/978-3-319-89339-6_12
Publication status	Published - 1 Jan 2018
Event	10th International Conference on the Theory and Application of Cryptographic Techniques in Africa (Africacrypt 2018) - Marrakesh, Morocco Duration: 7 May 2018 → 9 May 2018 Conference number: 10

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10831 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	10th International Conference on the Theory and Application of Cryptographic Techniques in Africa (Africacrypt 2018)
Abbreviated title	AFRICACRYPT 2018
Country/Territory	Morocco
City	Marrakesh
Period	7/05/18 → 9/05/18

Keywords

KEM
Post-quantum cryptography
Reaction attack
RLWE

Access to Document

10.1007/978-3-319-89339-6_12

https://eprint.iacr.org/2017/1214.pdf

Cite this

Bernstein, D. J., Groot Bruinderink, L., Lange, T., & Panny, L. (2018). HILA5 pindakaas: on the CCA security of lattice-based encryption with error correction. In A. Joux, A. Nitaj, & T. Rachidi (Eds.), Progress in Cryptology - AFRICACRYPT 2018: 10th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, Proceedings (pp. 203-216). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10831 LNCS). Springer. https://doi.org/10.1007/978-3-319-89339-6_12

Bernstein, Daniel J. ; Groot Bruinderink, Leon ; Lange, Tanja et al. / HILA5 pindakaas : on the CCA security of lattice-based encryption with error correction. Progress in Cryptology - AFRICACRYPT 2018: 10th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, Proceedings. editor / A. Joux ; A. Nitaj ; T. Rachidi. Dordrecht : Springer, 2018. pp. 203-216 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{e79aedbcf7364dc3ac2229f0ef13561d,

title = "HILA5 pindakaas: on the CCA security of lattice-based encryption with error correction",

abstract = "We show that the NISTPQC submission HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works around the error correction in HILA5. The attack applies to the HILA5 key-encapsulation mechanism (KEM), and also to the public-key encryption mechanism (PKE) obtained by NIST{\textquoteright}s procedure for combining the KEM with authenticated encryption. This contradicts the most natural interpretation of the IND-CCA security claim for HILA5.",

keywords = "KEM, Post-quantum cryptography, Reaction attack, RLWE",

author = "Bernstein, {Daniel J.} and {Groot Bruinderink}, Leon and Tanja Lange and Lorenz Panny",

year = "2018",

month = jan,

day = "1",

doi = "10.1007/978-3-319-89339-6_12",

language = "English",

isbn = "978-3-319-89338-9",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "203--216",

editor = "A. Joux and A. Nitaj and T. Rachidi",

booktitle = "Progress in Cryptology - AFRICACRYPT 2018",

address = "Germany",

note = "10th International Conference on the Theory and Application of Cryptographic Techniques in Africa (Africacrypt 2018), AFRICACRYPT 2018 ; Conference date: 07-05-2018 Through 09-05-2018",

}

Bernstein, DJ, Groot Bruinderink, L, Lange, T & Panny, L 2018, HILA5 pindakaas: on the CCA security of lattice-based encryption with error correction. in A Joux, A Nitaj & T Rachidi (eds), Progress in Cryptology - AFRICACRYPT 2018: 10th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10831 LNCS, Springer, Dordrecht, pp. 203-216, 10th International Conference on the Theory and Application of Cryptographic Techniques in Africa (Africacrypt 2018), Marrakesh, Morocco, 7/05/18. https://doi.org/10.1007/978-3-319-89339-6_12

HILA5 pindakaas: on the CCA security of lattice-based encryption with error correction. / Bernstein, Daniel J.; Groot Bruinderink, Leon; Lange, Tanja et al.
Progress in Cryptology - AFRICACRYPT 2018: 10th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, Proceedings. ed. / A. Joux; A. Nitaj; T. Rachidi. Dordrecht: Springer, 2018. p. 203-216 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10831 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - HILA5 pindakaas

T2 - 10th International Conference on the Theory and Application of Cryptographic Techniques in Africa (Africacrypt 2018)

AU - Bernstein, Daniel J.

AU - Groot Bruinderink, Leon

AU - Lange, Tanja

AU - Panny, Lorenz

N1 - Conference code: 10

PY - 2018/1/1

Y1 - 2018/1/1

N2 - We show that the NISTPQC submission HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works around the error correction in HILA5. The attack applies to the HILA5 key-encapsulation mechanism (KEM), and also to the public-key encryption mechanism (PKE) obtained by NIST’s procedure for combining the KEM with authenticated encryption. This contradicts the most natural interpretation of the IND-CCA security claim for HILA5.

AB - We show that the NISTPQC submission HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works around the error correction in HILA5. The attack applies to the HILA5 key-encapsulation mechanism (KEM), and also to the public-key encryption mechanism (PKE) obtained by NIST’s procedure for combining the KEM with authenticated encryption. This contradicts the most natural interpretation of the IND-CCA security claim for HILA5.

KW - KEM

KW - Post-quantum cryptography

KW - Reaction attack

KW - RLWE

UR - http://www.scopus.com/inward/record.url?scp=85045940909&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-89339-6_12

DO - 10.1007/978-3-319-89339-6_12

M3 - Conference contribution

AN - SCOPUS:85045940909

SN - 978-3-319-89338-9

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 203

EP - 216

BT - Progress in Cryptology - AFRICACRYPT 2018

A2 - Joux, A.

A2 - Nitaj, A.

A2 - Rachidi, T.

PB - Springer

CY - Dordrecht

Y2 - 7 May 2018 through 9 May 2018

ER -

Bernstein DJ, Groot Bruinderink L, Lange T , Panny L. HILA5 pindakaas: on the CCA security of lattice-based encryption with error correction. In Joux A, Nitaj A, Rachidi T, editors, Progress in Cryptology - AFRICACRYPT 2018: 10th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, Proceedings. Dordrecht: Springer. 2018. p. 203-216. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-89339-6_12

HILA5 pindakaas: on the CCA security of lattice-based encryption with error correction

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

"HILA5 pindakaas" : on the CCA security of lattice-based encryption with error correction

Cite this