Paper 2020/1389

Key Mismatch Attack on NewHope Revisited

Jan Vacek and Jan Václavek

Abstract

One of the NIST Post-Quantum Cryptography Standardization Process Round 2 candidates is the NewHope cryptosystem, which is a suite of two RLWE-based key encapsulation mechanisms. Recently, four key reuse attacks were proposed against NewHope by Bauer et al., Qin et al., Bhasin et al. and Okada et al. In these attacks, the adversary has access to a key mismatch oracle which tells her whether a given ciphertext decrypts to a given message under the targeted secret key. Previous attacks either require more than 26 000 queries to the oracle or never recover the whole secret key. In this paper, we present a new attack against the NewHope cryptosystem in these key reuse situations. Our attack recovers the whole secret key with probability 100% and requires fewer than 3 200 queries on average. Our work improves state-of-the-art results for NewHope and makes the comparison with other candidates more relevant.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
NewHope; Key mismatch attack; Post quantum cryptography; Cryptanalysis; Oracle; Attack
Contact author(s)
jan vacek @ thalesgroup com
jan vaclavek @ thalesgroup com
History
2020-11-10: received
Short URL
https://ia.cr/2020/1389
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1389,
      author = {Jan Vacek and Jan Václavek},
      title = {Key Mismatch Attack on NewHope Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1389},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/1389}},
      url = {https://eprint.iacr.org/2020/1389}
}