You are looking at a specific version 20201221:074117 of this paper. See the latest version.

Paper 2020/1578

An IND-CCA2 Attack Against the 1st- and 2nd-round Versions of NTS-KEM

Tung Chou

Abstract

This paper presents an IND-CCA2 attack against the 1st- and 2nd-round versions of NTS-KEM, i.e., the versions before the update in December 2019. Our attack works against the 1st- and 2nd-round specifications, with a number of decapsulation queries upper-bounded by n − k and an advantage lower-bounded by roughly 0.5(n − k)t/n^2 , where n, k, and t stand for the code length, code dimension, and the designed decoding capacity, for all the three parameter sets of NTS-KEM. We found that the non-reference implementations are also vulnerable to our attack, even though there are bugs. There are also bugs in the reference implementations, but in a way invulnerable to our attack.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. SECITC 2020 (to appear)
Keywords
NIST PQC standardizationPost-quantum cryptogrphyCode-based cryptographyIND-CCA2
Contact author(s)
blueprint @ crypto tw
History
2020-12-21: received
Short URL
https://ia.cr/2020/1578
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.