HILA5 pindakaas: on the CCA security of lattice-based encryption with error correction

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

4 Citations (Scopus)

Abstract

We show that the NISTPQC submission HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works around the error correction in HILA5. The attack applies to the HILA5 key-encapsulation mechanism (KEM), and also to the public-key encryption mechanism (PKE) obtained by NIST’s procedure for combining the KEM with authenticated encryption. This contradicts the most natural interpretation of the IND-CCA security claim for HILA5.

Language: English
Title of host publication: Progress in Cryptology - AFRICACRYPT 2018
Subtitle of host publication: 10th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, Proceedings
Editors: A. Joux, A. Nitaj, T. Rachidi
Place of Publication: Dordrecht
Publisher: Springer
Pages: 203-216
Number of pages: 14
ISBN (Electronic): 978-3-319-89339-6
ISBN (Print): 978-3-319-89338-9
DOIs: 10.1007/978-3-319-89339-6_12
State: Published - 1 Jan 2018
Event: 10th International Conference on the Theory and Application of Cryptographic Techniques in Africa (Africacrypt 2018) - Marrakesh, Morocco
Duration: 7 May 2018 – 9 May 2018
Conference number: 10

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10831 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 10th International Conference on the Theory and Application of Cryptographic Techniques in Africa (Africacrypt 2018)
Abbreviated title: AFRICACRYPT 2018
Country: Morocco
City: Marrakesh
Period: 7/05/18 – 9/05/18

Keywords

  • KEM
  • Post-quantum cryptography
  • Reaction attack
  • RLWE

Cite this

Bernstein, D. J., Groot Bruinderink, L., Lange, T., & Panny, L. (2018). HILA5 pindakaas: on the CCA security of lattice-based encryption with error correction. In A. Joux, A. Nitaj, & T. Rachidi (Eds.), Progress in Cryptology - AFRICACRYPT 2018: 10th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 7–9, 2018, Proceedings (pp. 203-216). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10831 LNCS). Dordrecht: Springer. DOI: 10.1007/978-3-319-89339-6_12
@inproceedings{e79aedbcf7364dc3ac2229f0ef13561d,
title = "HILA5 pindakaas: on the CCA security of lattice-based encryption with error correction",
abstract = "We show that the NISTPQC submission HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works around the error correction in HILA5. The attack applies to the HILA5 key-encapsulation mechanism (KEM), and also to the public-key encryption mechanism (PKE) obtained by NIST’s procedure for combining the KEM with authenticated encryption. This contradicts the most natural interpretation of the IND-CCA security claim for HILA5.",
keywords = "KEM, Post-quantum cryptography, Reaction attack, RLWE",
author = "Bernstein, {Daniel J.} and {Groot Bruinderink}, Leon and Tanja Lange and Lorenz Panny",
year = "2018",
month = "1",
day = "1",
doi = "10.1007/978-3-319-89339-6_12",
language = "English",
isbn = "978-3-319-89338-9",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer",
pages = "203--216",
editor = "A. Joux and A. Nitaj and T. Rachidi",
booktitle = "Progress in Cryptology - AFRICACRYPT 2018",
address = "Germany",

}
