Paper 2022/1403

On the Dual Attack of LWE Schemes in the Presence of Hints

Han Wu, Shandong University
Xiaoyun Wang, Tsinghua University
Guangwu Xu, Shandong University
Abstract

Combining theoretical-based traditional attack method with practical-based side-channel attack method provides more accurate security estimations for post-quantum cryptosystems. In CRYPTO 2020, Dachman-Soled et al. integrated hints from side-channel information to the primal attack against LWE schemes. This paper develops a general Fourier analytic framework to work with the dual attack in the presence of hints. Distinguishers that depend on specific geometric properties related to hints are established. The Fourier transform of discretized multivariate conditional Gaussian distribution on $\mathbb{Z}_q^d$ is carefully computed and estimated, some geometric characteristics of the resulting distinguisher are explored and a new model of dual attack is proposed. In our framework, an adversary performs the BKZ algorithm directly in a projected lattice to find short projection components, and then recovers them by MLLL algorithm to make a distinction. This method relies on a reasonable assumption and is backed up by naturally formed mathematical arguments. The improvements and the assumption are validated by experiments. For examples, for a Kyber768 instance, with 200 hints, the blocksize can be reduced by at least 188 and the time complexity can be reduced by a factor of greater than $2^{55}$. After adding 300 hints to a FireSaber instance, even in the worst case, the blocksize drops from 819 to 542, and the cost drops from $2^{255.61}$ to $2^{174.72}$.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Contact author(s)
hanwu97 @ mail sdu edu cn
xiaoyunwang @ mail tsinghua edu cn
gxu4sdq @ sdu edu cn
History
2022-10-23: approved
2022-10-16: received
See all versions
Short URL
https://ia.cr/2022/1403
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1403,
      author = {Han Wu and Xiaoyun Wang and Guangwu Xu},
      title = {On the Dual Attack of {LWE} Schemes in the Presence of Hints},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1403},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1403}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.