Paper 2023/157

A Key-Recovery Attack against Mitaka in the t-Probing Model

Thomas Prest, PQShield

Mitaka is a lattice-based signature proposed at Eurocrypt 2022. A key advertised feature of Mitaka is that it can be masked at high orders efficiently, making it attractive in scenarios where side-channel attacks are a concern. Mitaka comes with a claimed security proof in the t-probing model. We uncover a flaw in the security proof of Mitaka, and subsequently show that it is not secure in the t-probing model. For any number of shares d ≥ 4, probing t < d variables per execution allows an attacker to recover the private key efficiently with approximately 2^21 executions. Our analysis shows that even a constant number of probes suffices (t = 3), as long as the attacker has access to a number of executions that is linear in d/t.

Category: Attacks and cryptanalysis

Publication info: A minor revision of an IACR publication in PKC 2023

Keywords: Mitaka, t-probing model, cryptanalysis

Contact author(s): thomas prest @ pqshield com

History: 2023-02-09: received; 2023-02-15: approved
License: Creative Commons Attribution-NonCommercial


BibTeX:

```bibtex
      author = {Thomas Prest},
      title = {A Key-Recovery Attack against Mitaka in the t-Probing Model},
      howpublished = {Cryptology ePrint Archive, Paper 2023/157},
      year = {2023},
      note = {\url{}},
      url = {}
```