Paper 2020/1503

Recovery Attack on Bob's Secrets in CRYSTALS-KYBER and SABER

Satoshi Okada and Yuntao Wang

Abstract

Quantum computing capability outperforms that of the classic computers overwhelmingly, which seriously threatens modern public-key cryptography. For this reason, the National Institute of Standards and Technology (NIST) and several other standards organizations are progressing the standardization for post-quantum cryptography (PQC). There are two contenders among those candidates, CRYSTALS-KYBER and SABER, lattice-based encryption algorithms in the third round finalists of NIST's PQC standardization project. At the current phase, it is important to evaluate their security, which is based on the hardness of the variants of Ring Learning With Errors (Ring-LWE) problem. In ProvSec 2020, Wang et al. introduced a notion of "meta-PKE" for Ring-LWE crypto mechanism. They further proposed randomness reuse attacks on NewHope and LAC cryptosystems which meet the meta-PKE model. In their attacks, the encryptor Bob's partial (or even all) randomness can be recovered if it is reused. In this paper, we propose attacks against CRYSTALS-KYBER and SABER crypto schemes by adapting the meta-PKE model and improving Wang et al.'s methods. Then, we show that our proposed attacks cost at most 4, 3, and 4 queries to recover Bob's randomness for any security levels of I (AES-128), III (AES-192), and V (AES-256), respectively in CRYSTALS-KYBER. Simultaneously, no more than 6, 6, and 4 queries are required to recover Bob's secret for security levels I, III, and V in SABER.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision. ProvSec 2021
DOI
10.1007/978-3-030-90402-9_9
Keywords
PQCKey Reuse AttackMeta-PKECRYSTALS-KYBERSABER
Contact author(s)
okada-satoshi323 @ g ecc u-tokyo ac jp
y-wang @ jaist ac jp
History
2021-11-05: revised
2020-12-02: received
See all versions
Short URL
https://ia.cr/2020/1503
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1503,
      author = {Satoshi Okada and Yuntao Wang},
      title = {Recovery Attack on Bob's Secrets in {CRYSTALS}-{KYBER} and {SABER}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1503},
      year = {2020},
      doi = {10.1007/978-3-030-90402-9_9},
      url = {https://eprint.iacr.org/2020/1503}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.