Paper 2017/1214

HILA5 Pindakaas: On the CCA security of lattice-based encryption with error correction

Daniel J. Bernstein, Leon Groot Bruinderink, Tanja Lange, and Lorenz Panny

Abstract

We show that the NISTPQC submission HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works around the error correction in HILA5. The attack applies to the HILA5 key-encapsulation mechanism (KEM), and also to the public-key encryption mechanism (PKE) obtained by NIST's procedure for combining the KEM with authenticated encryption. This contradicts the most natural interpretation of the IND-CCA security claim for HILA5.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. Minor revision.
Keywords
Post-quantum cryptography, KEM, RLWE, reaction attack
Contact author(s)
authorcontact-helaas @ box cr yp to
History
2018-03-09: revised
2017-12-18: received
Short URL
https://ia.cr/2017/1214
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/1214,
      author = {Daniel J.  Bernstein and Leon Groot Bruinderink and Tanja Lange and Lorenz Panny},
      title = {HILA5 Pindakaas: On the CCA security of lattice-based encryption with error correction},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1214},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/1214}},
      url = {https://eprint.iacr.org/2017/1214}
}