Paper 2024/2070

Sneaking up the Ranks: Partial Key Exposure Attacks on Rank-Based Schemes

Giuseppe D'Alconzo, Polytechnic University of Turin
Andre Esser, Technology Innovation Institute
Andrea Gangemi, Polytechnic University of Turin
Carlo Sanna, Polytechnic University of Turin
Abstract

A partial key exposure attack is a key recovery attack where an adversary obtains a priori partial knowledge of the secret key, e.g., through side-channel leakage. While for a long time post-quantum cryptosystems, unlike RSA, have been believed to be resistant to such attacks, recent results by Esser, May, Verbel, and Wen (CRYPTO '22), and by Kirshanova and May (SCN '22), have refuted this belief. In this work, we focus on partial key exposure attacks in the context of rank-metric-based schemes, particularly targeting the RYDE, MIRA, and MiRitH digital signature schemes, which are active candidates in the NIST post-quantum cryptography standardization process. We demonstrate that, similar to the RSA case, the secret key in RYDE can be recovered from a constant fraction of its bits. Specifically, for NIST category I parameters, our attacks remain efficient even when less than 25% of the key material is leaked. Interestingly, our attacks lead to a natural improvement of the best generic attack on RYDE without partial knowledge, reducing security levels by up to 9 bits. For MIRA and MiRitH our attacks remain efficient as long as roughly 57%-60% of the secret key material is leaked. Additionally, we initiate the study of partial exposure of the witness in constructions following the popular MPCitH (MPC-in-the-Head) paradigm. We show a generic reduction from recovering RYDE and MIRA's witness to the MinRank problem, which again leads to efficient key recovery from constant fractions of the secret witness in both cases.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Erasure/Error Model, MinRank, Rank Syndrome Decoding, Post-Quantum
Contact author(s)
giuseppe dalconzo @ polito it
andre r esser @ gmail com
andrea gangemi @ polito it
carlo sanna @ polito it
History
2024-12-24: approved
2024-12-24: received
Short URL
https://ia.cr/2024/2070
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/2070,
      author = {Giuseppe D'Alconzo and Andre Esser and Andrea Gangemi and Carlo Sanna},
      title = {Sneaking up the Ranks: Partial Key Exposure Attacks on Rank-Based Schemes},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/2070},
      year = {2024},
      url = {https://eprint.iacr.org/2024/2070}
}