Paper 2023/157
A Key-Recovery Attack against Mitaka in the t-Probing Model
Abstract
Mitaka is a lattice-based signature proposed at Eurocrypt 2022. A key advertised feature of Mitaka is that it can be masked at high orders efficiently, making it attractive in scenarios where side-channel attacks are a concern. Mitaka comes with a claimed security proof in the t-probing model. We uncover a flaw in the security proof of Mitaka, and subsequently show that it is not secure in the t-probing model. For any number of shares d ≥ 4, probing t < d variables per execution allows an attacker to recover the private key efficiently with approximately 221 executions. Our analysis shows that even a constant number of probes suffices (t = 3), as long as the attacker has access to a number of executions that is linear in d/t.
Metadata
- Available format(s)
- Category
- Attacks and cryptanalysis
- Publication info
- A minor revision of an IACR publication in PKC 2023
- Keywords
- Mitakat-probing modelcryptanalysis
- Contact author(s)
- thomas prest @ pqshield com
- History
- 2023-02-15: approved
- 2023-02-09: received
- See all versions
- Short URL
- https://ia.cr/2023/157
- License
-
CC BY-NC
BibTeX
@misc{cryptoeprint:2023/157, author = {Thomas Prest}, title = {A Key-Recovery Attack against Mitaka in the t-Probing Model}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/157}, year = {2023}, url = {https://eprint.iacr.org/2023/157} }