Paper 2025/304
Lattice-based Cryptography: A survey on the security of the lattice-based NIST finalists
, Leiden University, University of Bordeaux, PQShieldAbstract
This survey, mostly written in the years 2022-2023, is meant as an as short as possible description of the current state-of-the-art lattice attacks on lattice-based cryptosystems, without losing the essence of the matter. The main focus is the security of the NIST finalists and alternatives that are based on lattices, namely CRYSTALS-Kyber, CRYSTALS-Dilithium and Falcon. Instead of going through these cryptosystems case by case, this survey considers attacks on the underlying hardness assumptions: in the case of the mentioned lattice-based schemes, these are (variants of) LWE (Learning With Errors) and NTRU.
Note: Clarified the differences in CVP-styles in Section 7.4 (absolute CVP in the infinity norm versus relative CVP in the euclidean norm); clarified that these differences are overcome with heuristics in the original work (Remark 18), clarified the dependency of the alpha-parameter on the geometry of the logarithmic unit lattice (Remark 16).
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- lattice-based cryptographycryptanalysisNIST candidatesNIST finalistsNTRULWEsecurity estimatessurvey
- Contact author(s)
-
kboer research @ gmail com
wessel vanwoerden @ pqshield com - History
- 2025-04-08: revised
- 2025-02-20: received
- See all versions
- Short URL
- https://ia.cr/2025/304
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2025/304,
author = {Koen de Boer and Wessel van Woerden},
title = {Lattice-based Cryptography: A survey on the security of the lattice-based {NIST} finalists},
howpublished = {Cryptology {ePrint} Archive, Paper 2025/304},
year = {2025},
url = {https://eprint.iacr.org/2025/304}
}
