Cryptology ePrint Archive: Report 2020/1389

Key Mismatch Attack on NewHope Revisited

Jan Vacek and Jan Václavek

Abstract: One of the NIST Post-Quantum Cryptography Standardization Process Round 2 candidates is the NewHope cryptosystem, a suite of two RLWE-based key encapsulation mechanisms. Recently, four key reuse attacks were proposed against NewHope by Bauer et al., Qin et al., Bhasin et al. and Okada et al. In these attacks, the adversary has access to a key mismatch oracle which tells her whether a given ciphertext decrypts to a given message under the targeted secret key. Previous attacks either require more than 26 000 queries to the oracle or never recover the whole secret key. In this paper, we present a new attack against the NewHope cryptosystem in these key reuse settings. Our attack recovers the whole secret key with probability 100% and requires fewer than 3 200 queries on average. Our work improves the state-of-the-art results for NewHope and makes the comparison with other candidates more relevant.

Category / Keywords: NewHope, Key mismatch attack, Post quantum cryptography, Cryptanalysis, Oracle, Attack

Date: received 6 Nov 2020

Contact author: jan vacek at thalesgroup com, jan vaclavek@thalesgroup com


Version: 20201110:125327
