Paper 2019/1392

Decryption failure is more likely after success

Nina Bindel and John M. Schanck

Abstract

The user of an imperfectly correct lattice-based public-key encryption scheme leaks information about their secret key with each decryption query that they answer---even if they answer all queries successfully. Through a refinement of the D'Anvers--Guo--Johansson--Nilsson--Vercauteren--Verbauwhede failure boosting attack, we show that an adversary can use this information to improve his odds of finding a decryption failure. We also propose a new definition of $\delta$-correctness, and we re-assess the correctness of several submissions to NIST's post-quantum standardization effort.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. PQCrypto 2020
Keywords
public-key cryptography, lattice-based cryptography, decryption failure
Contact author(s)
nlbindel @ uwaterloo ca
jschanck @ uwaterloo ca
History
2020-02-07: revised
2019-12-04: received
Short URL
https://ia.cr/2019/1392
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1392,
      author = {Nina Bindel and John M.  Schanck},
      title = {Decryption failure is more likely after success},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1392},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/1392}},
      url = {https://eprint.iacr.org/2019/1392}
}