Paper 2024/2070
Sneaking up the Ranks: Partial Key Exposure Attacks on Rank-Based Schemes
Abstract
A partial key exposure attack is a key recovery attack where an adversary obtains a priori partial knowledge of the secret key, e.g., through side-channel leakage. While for a long time post-quantum cryptosystems, unlike RSA, have been believed to be resistant to such attacks, recent results by Esser, May, Verbel, and Wen (CRYPTO ’22), and by Kirshanova and May (SCN ’22), have refuted this belief. In this work, we focus on partial key exposure attacks in the context of rank-metric-based schemes, particularly targeting the RYDE, MIRA, and MiRitH digital signature schemes, which are active candidates in the NIST post-quantum cryptography standardization process. We demonstrate that, similar to the RSA case, the secret key in RYDE can be recovered from a constant fraction of its bits. Specifically, for NIST category I parameters, our attacks remain efficient even when less than 25% of the key material is leaked. Interestingly, our attacks lead to a natural improvement of the best generic attack on RYDE without partial knowledge, reducing security levels by up to 9 bits. For MIRA and MiRitH our attacks remain efficient as long as roughly 57%-60% of the secret key material is leaked. Additionally, we initiate the study of partial exposure of the witness in constructions following the popular MPCitH (MPC-in-the-Head) paradigm. We show a generic reduction from recovering RYDE and MIRA’s witness to the MinRank problem, which again leads to efficient key recovery from constant fractions of the secret witness in both cases.
Metadata
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- Erasure/Error Model, MinRank, Rank Syndrome Decoding, Post-Quantum
- Contact author(s)
- giuseppe dalconzo @ polito it
- andre r esser @ gmail com
- andrea gangemi @ polito it
- carlo sanna @ polito it
- History
- 2024-12-24: approved
- 2024-12-24: received
- Short URL
- https://ia.cr/2024/2070
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/2070,
  author = {Giuseppe D'Alconzo and Andre Esser and Andrea Gangemi and Carlo Sanna},
  title = {Sneaking up the Ranks: Partial Key Exposure Attacks on Rank-Based Schemes},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/2070},
  year = {2024},
  url = {https://eprint.iacr.org/2024/2070}
}