Paper 2021/123

A Systematic Approach and Analysis of Key Mismatch Attacks on Lattice-Based NIST Candidate KEMs

Yue Qin, Chi Cheng, Xiaohan Zhang, Yanbin Pan, Lei Hu, and Jintai Ding


Research on key mismatch attacks against lattice-based KEMs is an important part of the cryptographic assessment of the ongoing NIST standardization. A number of such attacks have been published; however, a unified method to evaluate these KEMs' resilience under key mismatch attacks is still missing. Since the key measure of the efficiency of these attacks is the number of queries needed to mount such an attack successfully, in this paper we propose and develop a systematic approach to find lower bounds on the minimum average number of queries needed for such attacks. Our basic idea is to transform the problem of finding the lower bound on the number of queries into that of finding an optimal binary recovery tree (BRT), where computing the lower bounds essentially becomes computing a certain Shannon entropy. The optimal BRT approach also enables us to understand why, for some lattice-based NIST candidate KEMs, there is a big gap between the theoretical bounds and practical attacks in terms of the number of queries needed. This further leads us to propose a generic improvement method for these existing attacks, which is confirmed by our experiments. Moreover, our proposed method could be directly used to improve side-channel attacks against CCA-secure NIST candidate KEMs.
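As an added illustration of the abstract's entropy argument (example code written for this page, not from the paper): modelling each key mismatch query as a yes/no outcome that splits the candidate set for one secret coefficient, the optimal binary recovery tree is the Huffman tree over the coefficient distribution, and its average depth cannot go below the Shannon entropy. The centered binomial distribution, the Huffman construction and the one-candidate-per-query baseline are assumptions made for the illustration; the page itself does not specify a distribution or a tree shape.

```python
from fractions import Fraction
from heapq import heapify, heappop, heappush
from math import comb, log2

# Assumption (not stated on this page): each secret coefficient is drawn from a
# centered binomial distribution with parameter eta, a common choice in
# lattice-based KEMs: s = sum(a_i) - sum(b_i) over 2*eta uniform random bits.
def centered_binomial(eta):
    total = 2 ** (2 * eta)
    return {k: Fraction(comb(2 * eta, k + eta), total) for k in range(-eta, eta + 1)}

def shannon_entropy(dist):
    """Bits per coefficient: a lower bound on the average number of yes/no
    queries any binary recovery tree needs to identify the coefficient."""
    return -sum(float(p) * log2(float(p)) for p in dist.values() if p)

def optimal_brt_expected_queries(dist):
    """Average depth of the optimal binary recovery tree for this distribution.

    Each internal node is one query with a yes/no outcome; each leaf is a secret
    value. Minimising the average leaf depth is the Huffman-coding problem, and
    the expected depth equals the sum of the weights of all merged nodes."""
    heap = list(dist.values())
    heapify(heap)
    cost = Fraction(0)
    while len(heap) > 1:
        a, b = heappop(heap), heappop(heap)
        cost += a + b
        heappush(heap, a + b)
    return cost

def one_candidate_per_query(dist):
    """Average queries for a simple, non-optimal tree that tests one candidate
    value per query, most likely value first (the last two share a query).
    Included only to show how far a sub-optimal tree can sit above the bound."""
    probs = sorted(dist.values(), reverse=True)
    depths = list(range(1, len(probs))) + [len(probs) - 1]
    return sum(p * d for p, d in zip(probs, depths))

def query_summary(eta, n_coefficients):
    """Per-coefficient figures scaled to a secret of n_coefficients coefficients."""
    dist = centered_binomial(eta)
    h = shannon_entropy(dist)
    opt = optimal_brt_expected_queries(dist)
    seq = one_candidate_per_query(dist)
    return {"entropy_bound": h * n_coefficients,
            "optimal_brt": float(opt) * n_coefficients,
            "one_per_query": float(seq) * n_coefficients}
```

Calling `query_summary(2, 256)` or `query_summary(3, 256)` shows the three figures ordered entropy bound < optimal BRT < one-candidate-per-query, which is the kind of gap the abstract refers to.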

Category: Public-key cryptography
Publication info: A minor revision of an IACR publication in ASIACRYPT 2021
Keywords: Key Mismatch Attacks, Lattice-Based Cryptography, KEMs, NIST standardization
Contact author(s): chengchizz @ qq com
History: 2021-02-05: received; 2021-12-09: last of 5 revisions
License: Creative Commons Attribution


      author = {Yue Qin and Chi Cheng and Xiaohan Zhang and Yanbin Pan and Lei Hu and Jintai Ding},
      title = {A Systematic Approach and Analysis of Key Mismatch Attacks on Lattice-Based NIST Candidate KEMs},
      howpublished = {Cryptology ePrint Archive, Paper 2021/123},
      year = {2021},
      note = {\url{}},
      url = {}