Cryptology ePrint Archive: Report 2019/1392

Decryption failure is more likely after success

Nina Bindel and John M. Schanck

Abstract: The user of an imperfectly correct lattice-based public-key encryption scheme leaks information about their secret key with each decryption query that they answer---even if they answer all queries successfully. Through a refinement of the D'Anvers--Guo--Johansson--Nilsson--Vercauteren--Verbauwhede failure boosting attack, we show that an adversary can use this information to improve his odds of finding a decryption failure. We also propose a new definition of $\delta$-correctness, and we re-assess the correctness of several submissions to NIST's post-quantum standardization effort.

Category / Keywords: public-key cryptography / public-key cryptography, lattice-based cryptography, decryption failure

Original Publication (in the same form): PQCrypto 2020

Date: received 2 Dec 2019, last revised 7 Feb 2020

Contact author: nlbindel at uwaterloo ca, jschanck at uwaterloo ca

Available format(s): PDF | BibTeX Citation

Version: 20200207:214650 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]