The Impact of Error Dependencies on Ring/Mod-LWE/LWR Based Schemes

  • Jan-Pieter D’Anvers
  • Frederik Vercauteren
  • Ingrid Verbauwhede
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11505)

Abstract

Current estimation techniques for the probability of decryption failures in Ring/Mod-LWE/LWR based schemes assume independence of the failures in individual bits of the transmitted message to calculate the full failure rate of the scheme. In this paper we disprove this assumption both theoretically and practically for schemes based on Ring/Mod-Learning with Errors/Rounding. We provide a method to estimate the decryption failure probability, taking into account the bit failure dependency. We show that the independence assumption is suitable for schemes without error correction, but that it might lead to underestimating the failure probability of algorithms using error correcting codes. In the worst case, for LAC-128, the failure rate is \(2^{48}\) times bigger than estimated under the assumption of independence. This higher-than-expected failure rate could lead to more efficient cryptanalysis of the scheme through decryption failure attacks.
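The abstract's central point, that a shared latent cause makes individual bit failures dependent and that an error-correcting decoder then fails more often than a per-bit independence model predicts, as an added toy model. This is constructed illustration code, not the paper's estimator, parameters or software: it assumes a two-state latent variable (a "large-norm" key pair with probability q, typical otherwise), constructed rates p_big and p_typ, and a decoder that corrects up to t bit errors.

```python
"""Toy model of correlated decryption-failure bits: the independence-based
failure estimate versus the mixture-aware estimate for a decoder that corrects
up to t bit errors.  Constructed example; parameters are illustrative only."""
from math import comb

N_BITS = 256  # message bits per ciphertext (constructed value)


def binomial_tail(n: int, p: float, t: int) -> float:
    """P[Bin(n, p) > t]: more than t bits fail, so a t-error-correcting decoder
    still fails, when every bit fails independently with probability p."""
    return sum(comb(n, k) * p ** k * (1 - p) ** (n - k) for k in range(t + 1, n + 1))


def failure_rates(t: int, q: float, p_big: float, p_typ: float, n: int = N_BITS):
    """Latent variable: with probability q the key pair is 'large norm' and each
    bit fails with rate p_big; otherwise each bit fails with rate p_typ.
    Returns (estimate assuming independent bits, estimate honouring the mixture)."""
    p_marginal = q * p_big + (1 - q) * p_typ  # what a per-bit measurement sees
    independent = binomial_tail(n, p_marginal, t)
    dependent = q * binomial_tail(n, p_big, t) + (1 - q) * binomial_tail(n, p_typ, t)
    return independent, dependent


def underestimation_factor(t: int, q: float = 2 ** -10, p_big: float = 2 ** -8,
                           p_typ: float = 2 ** -30) -> float:
    """Ratio true/estimated failure rate; > 1 means independence underestimates."""
    independent, dependent = failure_rates(t, q, p_big, p_typ)
    return dependent / independent


if __name__ == "__main__":
    # t = 0 is a scheme without error correction; larger t adds error correction.
    for t in (0, 2, 4, 8):
        ind, dep = failure_rates(t, 2 ** -10, 2 ** -8, 2 ** -30)
        print(f"t={t:2d}: independent={ind:.3e}  dependent={dep:.3e}  ratio={dep / ind:.3e}")
```

In this toy the two estimates agree within a small constant factor without error correction (t = 0), but the independence estimate falls short by many orders of magnitude once the decoder corrects several bits, which is the qualitative effect the abstract describes.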

Keywords

Lattice cryptography, Ring-LWE, Error correcting codes, Decryption failures

Acknowledgements

This work was supported in part by the Research Council KU Leuven grants: C16/15/058, C14/18/067 and STG/17/019 and by the European Commission through the Horizon 2020 research and innovation programme Cathedral ERC Advanced Grant 695305.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Jan-Pieter D’Anvers (1)
  • Frederik Vercauteren (1)
  • Ingrid Verbauwhede (1)
  1. IMEC-COSIC, KU Leuven, Leuven-Heverlee, Belgium