40 Hits in 3.6 sec

Don't Reject This: Key-Recovery Timing Attacks Due to Rejection-Sampling in HQC and BIKE

Qian Guo, Clemens Hlauschek, Thomas Johansson, Norman Lahr, Alexander Nilsson, Robin Leander Schröder
2022 Transactions on Cryptographic Hardware and Embedded Systems  
It is structurally different from previously identified attacks on the scheme: Previously, exploitable side-channel leakages have been identified in the BCH decoder of a previously submitted HQC version  ...  Candidates are evaluated not only on their formal security strengths, but are also judged based on the security with regard to resistance against side-channel attacks.  ...  if a decryption failure occurs.  ... 
doi:10.46586/tches.v2022.i3.223-263 dblp:journals/tches/GuoHJLNS22 fatcat:axzhx5zjendergthxii3csefxi

On the Timing Leakage of the Deterministic Re-encryption in HQC KEM [article]

Clemens Hlauschek, Norman Lahr, Robin Leander Schröder
2021 IACR Cryptology ePrint Archive  
It is structurally different from previously identified attacks on the scheme: Previously, exploitable side-channel leakages have been identified in the BCH decoder of a previously submitted HQC version  ...  Candidates are evaluated not only on their formal security strengths, but are also judged based on the security with regard to resistance against side-channel attacks.  ...  if a decryption failure occurs.  ... 
dblp:journals/iacr/HlauschekLS21 fatcat:5erhgi2gj5fqnlp2g6fnyfevn4

A Power Side-Channel Attack on the CCA2-Secure HQC KEM [article]

Thomas Schamberger, Julian Renner, Georg Sigl, Antonia Wachter-Zeh
2020 IACR Cryptology ePrint Archive  
Our attack utilizes a power side-channel to build an oracle that outputs whether the BCH decoder in HQC's decryption algorithm corrects an error for a chosen ciphertext.  ...  It features small public key sizes, precise estimation of its decryption failure rates and contrary to most of the code-based systems, its security does not rely on hiding the structure of an error-correcting  ...  Furthermore, HQC features attractive key sizes and allows precise estimations of its decryption failure rate.  ... 
dblp:journals/iacr/SchambergerRSW20 fatcat:nygkvu3xefgnxnzje2msdlabw4

Curse of Re-encryption: A Generic Power/EM Analysis on Post-Quantum KEMs

Rei Ueno, Keita Xagawa, Yutaro Tanaka, Akira Ito, Junko Takahashi, Naofumi Homma
2021 Transactions on Cryptographic Hardware and Embedded Systems  
attack achieves a partial key recovery).  ...  oracle that tells whether the PKE decryption result is equivalent to the reference plaintext.  ...  s decryption failure-based attack and our modification: This attack proceeds in two phases: 1.  ... 
doi:10.46586/tches.v2022.i1.296-322 fatcat:harfhr4cjbawfctnupxar6upmi

A Power Side-Channel Attack on the Reed-Muller Reed-Solomon Version of the HQC Cryptosystem [article]

Thomas Schamberger, Lukas Holzbaur, Julian Renner, Antonia Wachter-Zeh, Georg Sigl
2022 IACR Cryptology ePrint Archive  
For their third round version the authors utilize a new combination of error correcting codes, namely a combination of a Reed-Muller and a Reed-Solomon code, which requires an adaption of published attacks  ...  In this work we provide a novel attack strategy that again allows for a successful attack.  ...  This paper discusses a new side-channel attack against the codebased post-quantum cryptosystem Hamming Quasi Cyclic (HQC) [8] , which is an alternative candidate for standardization in the third round  ... 
dblp:journals/iacr/SchambergerHRWS22 fatcat:lr5v2gk6pjgmtng25ydqzbm5pa

Secure Sampling of Constant-Weight Words â€" Application to BIKE [article]

Nicolas Sendrier
2021 IACR Cryptology ePrint Archive  
Also, a new variant of Fisher-Yates shuffle is proposed which is (1) very well suited for secure implementations against timing and cache attacks, and (2) produces constant weight words with a distribution  ...  This observation was first made in [HLS21] about HQC, and a timing attack was presented to recover the secret key.  ...  Introduction In a recent work [HLS21], a timing attack on an implementation of HQC [AMAB + 21] is described.  ... 
dblp:journals/iacr/Sendrier21 fatcat:dgjvvterebdktgfafwj3ayab6u

Efficient Encryption from Random Quasi-Cyclic Codes [article]

Carlos Aguilar, Olivier Blazy, Jean-Christophe Deneuville, Philippe Gaborit, Gilles Zémor
2016 arXiv   pre-print
We also provide an analysis of the decryption failure probability of our scheme in the Hamming metric case: for the rank metric there is no decryption failure.  ...  Our schemes benefit from a very fast decryption algorithm together with small key sizes of only a few thousand bits.  ...  PARAMETERS A. HQC Instantiation for Hamming Metric In this Section, we describe our new cryptosystem in the Hamming metric setting.  ... 
arXiv:1612.05572v1 fatcat:up7iubangna3db2gd77tfi3ywe

Classical Misuse Attacks on NIST Round 2 PQC: The Power of Rank-Based Schemes [article]

Loïs Huguenin-Dumittan, Serge Vaudenay
2020 IACR Cryptology ePrint Archive  
Our attacks against CRYSTALS-Kyber, HQC, LAC and SABER are all practical and require only a few thousand queries to recover the full secret key.  ...  In order to create a more complete picture, we design new keyrecovery PCA against several round 2 candidates.  ...  Acknowledgements Loïs Huguenin-Dumittan is supported by a grant (project N o 192364) of the Swiss National Science Foundation (SNSF).  ... 
dblp:journals/iacr/Huguenin-Dumittan20 fatcat:qnvjopdgqrhq7dmdgz3kpp7uhq

Single-Trace Vulnerability of Countermeasures against Instruction-related Timing Attack [article]

Bo-Yeon Sim, Dong-Guk Han
2019 IACR Cryptology ePrint Archive  
In this paper, we propose that countermeasures against instruction-related timing attack would be vulnerable to single-trace attacks, which are presented at ISPEC 2017 and CHES 2019.  ...  The countermeasures use determiner to make operations, which leak timing side-channel information, perform in a constant-time.  ...  They use error-correcting code, Bose-Chaudhuri-Hocquenghem (BCH), due to non-zero decryption failure rate.  ... 
dblp:journals/iacr/SimH19 fatcat:dnzsojfpafepnkbolzdccswoze

Analysis of the FO Transformation in the Lattice-Based Post-Quantum Algorithms

Miguel Ángel González de la Torre, Luis Hernández Encinas, Araceli Queiruga-Dios
2022 Mathematics  
in the decapsulation algorithm and, in this way, to reduce the side channel attacks vulnerability.  ...  These transformations are applied to obtain a highly secure key encapsulation mechanism from a less secure public key encryption scheme.  ...  Two security games related to finding decryption failures were introduced in [12] .  ... 
doi:10.3390/math10162967 fatcat:k3fojbtohnhwbbnvm6wuzk6elq

Ouroboros-E: An Efficient Lattice-based Key-Exchange Protocol

Jean-Christophe Deneuville, Philippe Gaborit, Qian Guo, Thomas Johansson
2018 2018 IEEE International Symposium on Information Theory (ISIT)  
Overall we obtain a new protocol which competes with the recent NEWHOPE and KYBER proposals, and also with NTRU.  ...  The very efficient decoding algorithm permits to consider smaller alphabets than for NTRU or Ring-LWE decryption algorithms.  ...  Fig. 2 . 2 Logarithm of the observed probability that a decryption failure occurs as function of the modulus q (dots), and a conservative quadratic approximation (curve).  ... 
doi:10.1109/isit.2018.8437940 dblp:conf/isit/DeneuvilleGGJ18 fatcat:q4xm4jh3yfgjjccssvzrqe7jqu

Towards KEM Unification [article]

Daniel J. Bernstein, Edoardo Persichetti
2018 IACR Cryptology ePrint Archive  
This paper highlights a particular construction of a correct KEM without failures and without ciphertext expansion from any correct deterministic PKE, and presents a simple tight proof of ROM IND-CCA2  ...  In particular, this paper introduces the notion of "IND-Hash" security and shows that this allows a new separation between checking encryptions and randomizing decapsulations.  ...  PKE secure against a class of IND-CCA2 attacks, namely ROM IND-CCA2 attacks.  ... 
dblp:journals/iacr/BernsteinP18 fatcat:dtlly3wo5fauvk6mbzxdpjlxse

Quantum Randomness in Cryptography—A Survey of Cryptosystems, RNG-Based Ciphers, and QRNGs

Anish Saini, Athanasios Tsokanos, Raimund Kirner
2022 Information  
Therefore, to ensure high data security over a network, researchers need to improve the randomness of keys as they develop cryptosystems.  ...  In order to increase the level of the security of cryptographic systems based on random numbers, this survey focuses on three objectives: Cryptosystems with related cryptographic attacks, RNG-based cryptosystems  ...  These attacks illustrate a requirement to modify various cryptosystems to make them more secure against cryptographic attacks.  ... 
doi:10.3390/info13080358 fatcat:c2wsomzpobbkvbwg46jcnfrhlq

Quantum Indistinguishability for Public Key Encryption [article]

Tommaso Gagliardoni, Juliane Krämer, Patrick Struck
2021 arXiv   pre-print
We show a distinguishing attack against code-based schemes and against LWE-based schemes with certain parameters.  ...  Moreover, recoverable schemes allow to realise type-2 operators even if they suffer from decryption failures, which in general thwarts the reversibility mandated by type-2 operators.  ...  Acknowledgements The authors are very grateful to the anonymous reviewers for spotting a flaw in a previous version of this manuscript.  ... 
arXiv:2003.00578v5 fatcat:jeeomm7oy5bo7asdlnxqebaurq

On Post-Quantum Perfect Forward Secrecy in 6G [article]

Mohamed Taoufiq Damir, Tommi Meskanen, Sara Ramezanian, Valtteri Niemi
2022 arXiv   pre-print
., it is resistant against linkability attacks and it is quantum-safe.  ...  In this paper, we propose a novel quantum-safe authentication and key agreement protocol for future generation of mobile communication networks (6G).  ...  This is to protect against an attacker who has somehow obtained victim's SUPI.  ... 
arXiv:2207.06144v1 fatcat:k3awgni6hbcpfnn4sol3thdwy4
« Previous Showing results 1 — 15 out of 40 results