Paper 2024/260
Kleptographic Attacks against Implicit Rejection
, CISPA Helmholtz Center for Information Security, CISPA Helmholtz Center for Information Security, CISPA Helmholtz Center for Information Security, Saarland UniversityAbstract
Given its integral role in modern encryption systems such as CRYSTALS-Kyber, the Fujisaki-Okamoto (FO) transform will soon be at the center of our secure communications infrastructure. An enduring debate surrounding the FO transform is whether to use explicit or implicit rejection when decapsulation fails. Presently, implicit rejection, as implemented in CRYSTALS-Kyber, is supported by a strong set of arguments. Therefore, understanding its security implications in different attacker models is essential. In this work, we study implicit rejection through a novel lens, namely, from the perspective of kleptography. Concretely, we consider an attacker model in which the attacker can subvert the user's code to compromise security while remaining undetectable. In this scenario, we present three attacks that significantly reduce the security level of the FO transform with implicit rejection. Notably, our attacks apply to CRYSTALS-Kyber.
Metadata
- Available format(s)
-
PDF
- Publication info
- Preprint.
- Keywords
- KleptographyImplicit RejectionChosen-Ciphertext SecurityFujisaki-Okamoto TransformKyber
- Contact author(s)
-
joux @ cispa de
loss @ cispa de
benedikt wagner @ cispa de - History
- 2024-02-19: approved
- 2024-02-16: received
- See all versions
- Short URL
- https://ia.cr/2024/260
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/260,
author = {Antoine Joux and Julian Loss and Benedikt Wagner},
title = {Kleptographic Attacks against Implicit Rejection},
howpublished = {Cryptology {ePrint} Archive, Paper 2024/260},
year = {2024},
url = {https://eprint.iacr.org/2024/260}
}
