Paper 2019/525

Misuse Attacks on Post-Quantum Cryptosystems

Ciprian Băetu, F. Betül Durak, Loïs Huguenin-Dumittan, Abdullah Talayhan, and Serge Vaudenay


Many post-quantum cryptosystems which have been proposed in the National Institute of Standards and Technology (NIST) standardization process follow the same meta-algorithm, but in different algebras or different encoding methods. They usually propose two constructions, one being weaker and the other requiring a random oracle. We focus on the weak version of nine submissions to NIST. Submitters claim no security when the secret key is used several times. In this paper, we analyze how easy it is to run a key recovery under multiple key reuse. We mount a classical key recovery under plaintext checking attacks (i.e., with a plaintext checking oracle saying if a given ciphertext decrypts well to a given plaintext) and a quantum key recovery under chosen ciphertext attacks. In the latter case, we assume quantum access to the decryption oracle.

Available format(s)
Public-key cryptography
Publication info
Published by the IACR in EUROCRYPT 2019
post-quantum cryptographycryptanalysis
Contact author(s)
serge vaudenay @ epfl ch
durakfbetul @ gmail com
lois huguenin-dumittan @ epfl ch
2019-05-20: received
Short URL
Creative Commons Attribution


      author = {Ciprian Băetu and F.  Betül Durak and Loïs Huguenin-Dumittan and Abdullah Talayhan and Serge Vaudenay},
      title = {Misuse Attacks on Post-Quantum Cryptosystems},
      howpublished = {Cryptology ePrint Archive, Paper 2019/525},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.