Paper 2017/1140

Lattice Klepto: Turning Post-Quantum Crypto Against Itself

Robin Kwant, Tanja Lange, and Kimberley Thissen


This paper studies ways to backdoor lattice-based systems following Young and Yung's work on backdooring RSA and discrete-log based systems. For the NTRU encryption scheme we show how to build a backdoor and to change the system so that each ciphertext leaks information about the plaintext to the owner of the backdoor. For signature schemes the backdoor leaks information about the signing key to the backdoor owner. As in Young and Yung's work the backdoor uses the freedom that random selections offer in the protocol to hide a secret message encrypted to the backdoor owner. The most interesting and very different part though is how to hide and retrieve the hidden messages.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. MINOR revision.Selected Areas in Cryptography 2017
Post-quantum cryptographykleptographylattice-based encryptionNTRUsignatures
Contact author(s)
k k a thissen @ student tue nl
2017-11-27: received
Short URL
Creative Commons Attribution


      author = {Robin Kwant and Tanja Lange and Kimberley Thissen},
      title = {Lattice Klepto: Turning Post-Quantum Crypto Against Itself},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1140},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.