Cryptology ePrint Archive: Report 2017/1214

"HILA5 Pindakaas": On the CCA security of lattice-based encryption with error correction

Daniel J. Bernstein and Leon Groot Bruinderink and Tanja Lange and Lorenz Panny

Abstract: We show that HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works around the error correction in HILA5. The attack applies to the HILA5 key-encapsulation mechanism (KEM), and also to the public-key encryption mechanism (PKE) obtained by NIST's procedure for combining the KEM with authenticated encryption. This contradicts the most natural interpretation of the IND-CCA security claim for HILA5.

Category / Keywords: public-key cryptography / Post-quantum cryptography, KEM, RLWE, reaction attack.

Date: received 18 Dec 2017, last revised 18 Dec 2017

Contact author: authorcontact-helaas at box cr yp to

Version: 20171218:211711 (All versions of this report)

Short URL: ia.cr/2017/1214
