Paper 2023/157

A Key-Recovery Attack against Mitaka in the t-Probing Model

Thomas Prest, PQShield
Abstract

Mitaka is a lattice-based signature proposed at Eurocrypt 2022. A key advertised feature of Mitaka is that it can be masked at high orders efficiently, making it attractive in scenarios where side-channel attacks are a concern. Mitaka comes with a claimed security proof in the t-probing model. We uncover a flaw in the security proof of Mitaka, and subsequently show that it is not secure in the t-probing model. For any number of shares d ≥ 4, probing t < d variables per execution allows an attacker to recover the private key efficiently with approximately 221 executions. Our analysis shows that even a constant number of probes suffices (t = 3), as long as the attacker has access to a number of executions that is linear in d/t.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
A minor revision of an IACR publication in PKC 2023
Keywords
Mitakat-probing modelcryptanalysis
Contact author(s)
thomas prest @ pqshield com
History
2023-02-15: approved
2023-02-09: received
See all versions
Short URL
https://ia.cr/2023/157
License
Creative Commons Attribution-NonCommercial
CC BY-NC

BibTeX 

@misc{cryptoeprint:2023/157,
      author = {Thomas Prest},
      title = {A Key-Recovery Attack against Mitaka in the t-Probing Model},
      howpublished = {Cryptology ePrint Archive, Paper 2023/157},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/157}},
      url = {https://eprint.iacr.org/2023/157}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.