Cryptology ePrint Archive: Report 2022/131

Light the Signal: Optimization of Signal Leakage Attacks against LWE-Based Key Exchange

Yue Qin and Ruoyu Ding and Chi Cheng and Nina Bindel and Yanbin Pan and Jintai Ding

Abstract: Key exchange protocols from the learning with errors (LWE) problem share many similarities with the Diffie–Hellman–Merkle (DHM) protocol, which plays a central role in securing our Internet. Therefore, there has been a long time effort in designing authenticated key exchange directly from LWE to mirror the advantages of DHM-based protocols. In this paper, we revisit signal leakage attacks and show that the severity of these attacks against LWE-based (authenticated) key exchange is still underestimated. In particular, by converting the problem of launching a signal leakage attack into a coding problem, we can significantly reduce the needed number of queries to reveal the secret key. Specifically, for DXL-KE we reduce the queries from 1,266 to only 29, while for DBS-KE, we need only 748 queries, a great improvement over the previous 1,074,434 queries. Moreover, our new view of signals as binary codes enables recognizing vulnerable schemes more easily. As such we completely recover the secret key of a password-based authenticated key exchange scheme by Dabra et al. with only 757 queries and partially reveal the secret used in a two-factor authentication by Wang et al. with only one query. The experimental evaluation supports our theoretical analysis and demonstrates the efficiency and effectiveness of our attacks. Our results caution against underestimating the power of signal leakage attacks as they are applicable even in settings with a very restricted number of interactions between adversary and victim.

Category / Keywords: public-key cryptography / Post-quantum cryptography; Key exchange; Learning with errors; Signal leakage attack

Date: received 5 Feb 2022, last revised 21 Feb 2022

Contact author: chengchizz at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20220221:102919 (All versions of this report)

Short URL: ia.cr/2022/131


[ Cryptology ePrint archive ]