Paper 2020/1370

A discretization attack

Daniel J. Bernstein

Abstract

This paper presents an attack against common procedures for comparing the size-security tradeoffs of proposed cryptosystems. The attack begins with size-security tradeoff data, and then manipulates the presentation of the data in a way that favors a proposal selected by the attacker, while maintaining plausible deniability for the attacker. As concrete examples, this paper shows two manipulated comparisons of size-security tradeoffs of lattice-based encryption proposals submitted to the NIST Post-Quantum Cryptography Standardization Project. One of these manipulated comparisons appears to match public claims made by NIST, while the other does not, and the underlying facts do not. This raises the question of whether NIST has been subjected to this attack. This paper also considers a weak defense and a strong defense that can be applied by standards-development organizations and by other people comparing cryptographic algorithms. The weak defense does not protect the integrity of comparisons, although it does force this type of attack to begin early. The strong defense stops this attack.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
back doors, NSA, NIST, NISTPQC, category theory
Contact author(s)
authorcontact-categories @ box cr yp to
History
2020-11-02: received
Short URL
https://ia.cr/2020/1370
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1370,
      author = {Daniel J.  Bernstein},
      title = {A discretization attack},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1370},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1370}
}