Cryptology ePrint Archive: Report 2019/1392

Decryption failure is more likely after success

Nina Bindel and John M. Schanck

Abstract: The user of an imperfectly correct lattice-based public-key encryption scheme leaks information about their secret key with each decryption query that they answer---even if they answer all queries successfully. Through a refinement of the D'Anvers--Guo--Johansson--Nilsson--Vercauteren--Verbauwhede failure boosting attack, we show that an adversary can use this information to improve his odds of finding a decryption failure. We also propose a new definition of $\delta$-correctness, and we re-assess the correctness of several submissions to NIST's post-quantum standardization effort.

Category / Keywords: public-key cryptography / public-key cryptography, lattice-based cryptography, decryption failure

Date: received 2 Dec 2019

Contact author: nlbindel at uwaterloo ca,jschanck@uwaterloo ca

Available format(s): PDF | BibTeX Citation

Version: 20191204:081853 (All versions of this report)

Short URL: ia.cr/2019/1392


[ Cryptology ePrint archive ]