
A Complete and Optimized Key Mismatch Attack on NIST Candidate NewHope

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11736))

Abstract

At CT-RSA 2019, Bauer et al. analyzed the case in which the public key is reused for the NewHope key encapsulation mechanism (KEM), a second-round candidate in the NIST Post-Quantum Cryptography Standardization process. They proposed an elegant method to recover the secret-key coefficients that lie in the range \(-6\) to 4. We repeat their experiments and find two fundamental problems. First, even for coefficients in [−6, 4], at least 262 of the 1024 coefficients in each secret key cannot be recovered. Second, for coefficients outside [−6, 4] they suggest an exhaustive search; but on average each secret key has 10 such coefficients, and each of them has 6 possible values, which makes Bauer et al.'s method highly inefficient. We propose an improved method which, with probability \(99.22\%\), recovers all the secret-key coefficients in the range \(-6\) to 4. Then, inspired by Ding et al.'s key mismatch attack, we propose an efficient strategy that recovers all the coefficients of the secret key with probability \(96.88\%\). Experiments show that the proposed method is very efficient, completing the attack in about 137.56 ms with the NewHope parameters.
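As an added worked example (this editor's own code, not part of the paper), the following Python script quantifies the search-space argument made in the abstract. It assumes NewHope secret-key coefficients are drawn independently from the centered binomial distribution ψ_8 (support [−8, 8], as in the NewHope specification, ref. 2) and n = 1024 coefficients per key; the function names, the [−6, 4] window taken from the abstract, and the sampling simulation are assumptions of this example. It computes the exact probability that a coefficient falls outside [−6, 4], the six values such a coefficient can take, the expected number of such coefficients per key, the probability that a key has none at all, the 6^m cost of brute-forcing m of them jointly, and checks the expectation against sampled keys.

```python
"""Quantify why coefficients outside [-6, 4] matter for a NewHope key-mismatch attack.

Added example (not the paper's code). Assumption: NewHope secrets are sampled
coefficient-wise from the centered binomial distribution psi_8, with n = 1024.
"""
import random
from fractions import Fraction
from math import comb

K = 8            # psi_8: coefficient = (sum of 8 random bits) - (sum of 8 random bits)
N = 1024         # NewHope1024 polynomial degree
LO, HI = -6, 4   # window the abstract says Bauer et al. recover directly


def psi_k_pmf(k=K):
    """Exact pmf of psi_k: X + k ~ Binomial(2k, 1/2), so P(X = x) = C(2k, x + k) / 4^k."""
    denom = 4 ** k
    return {x: Fraction(comb(2 * k, x + k), denom) for x in range(-k, k + 1)}


def values_outside(lo=LO, hi=HI, k=K):
    """Coefficient values that fall outside the directly recoverable window [lo, hi]."""
    return [x for x in range(-k, k + 1) if x < lo or x > hi]


def prob_outside(lo=LO, hi=HI, k=K):
    """Exact probability that a single coefficient lies outside [lo, hi]."""
    pmf = psi_k_pmf(k)
    return sum(pmf[x] for x in values_outside(lo, hi, k))


def expected_outside(n=N, lo=LO, hi=HI, k=K):
    """Expected number of coefficients per n-coefficient secret that need brute force."""
    return n * prob_outside(lo, hi, k)


def prob_all_recoverable(n=N, lo=LO, hi=HI, k=K):
    """Probability that a whole secret has no coefficient outside [lo, hi]."""
    return float((1 - prob_outside(lo, hi, k)) ** n)


def brute_force_cost(m, lo=LO, hi=HI, k=K):
    """Number of candidates when m unresolved coefficients are searched jointly."""
    return len(values_outside(lo, hi, k)) ** m


def sample_secret(rng, n=N, k=K):
    """One NewHope-style secret: each coefficient is a popcount difference of two k-bit words."""
    return [bin(rng.getrandbits(k)).count("1") - bin(rng.getrandbits(k)).count("1")
            for _ in range(n)]


def count_outside(secret, lo=LO, hi=HI):
    """How many coefficients of one secret fall outside [lo, hi]."""
    return sum(1 for c in secret if c < lo or c > hi)


def simulate(trials=500, seed=2019):
    """Sample secrets; return (mean #outside per key, fraction of keys with none outside)."""
    rng = random.Random(seed)
    counts = [count_outside(sample_secret(rng)) for _ in range(trials)]
    return sum(counts) / trials, counts.count(0) / trials


if __name__ == "__main__":
    print("values outside [-6, 4]:", values_outside())
    print("P(coefficient outside):", prob_outside(), "~", float(prob_outside()))
    print("expected outside per key:", float(expected_outside()))
    print("P(key needs no search at all):", prob_all_recoverable())
    for m in (5, 10, 15):
        print(f"joint brute force over {m} coefficients: 6^{m} = {brute_force_cost(m)}")
    mean, frac_zero = simulate()
    print("simulated mean per key:", mean, "| fraction of keys with none outside:", frac_zero)
```

Under ψ_8 the exact per-coefficient probability of landing outside [−6, 4] is 714/65536, so a 1024-coefficient key is expected to carry about 11 such coefficients and has only roughly a 10^-5 chance of carrying none; a joint brute force over 10 of them is 6^10 ≈ 6 × 10^7 candidates, which is the cost the abstract's improved strategy is designed to avoid.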


References

  1. Alagic, G., et al.: Status report on the first round of the NIST post-quantum cryptography standardization process. US Department of Commerce, National Institute of Standards and Technology (2019). https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.8240.pdf. Accessed 26 Feb 2019

  2. Alkim, E., et al.: NewHope: algorithm specification and supporting documentation. Submission to the NIST post-quantum cryptography standardization project (2017). https://newhopecrypto.org/data/NewHope_2018_12_02.pdf. Accessed 27 Feb 2019

  3. Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: NewHope without reconciliation. IACR Cryptology ePrint Archive 2016, 1157 (2016). https://www.cryptojedi.org/papers/newhopesimple-20161217.pdf. Accessed 17 Feb 2019

  4. Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange: a new hope. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 327–343 (2016)

  5. Bauer, A., Gilbert, H., Renault, G., Rossi, M.: Assessment of the key-reuse resilience of NewHope. In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 272–292. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12612-4_14


  6. Bos, J.W., Costello, C., Naehrig, M., Stebila, D.: Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In: 2015 IEEE Symposium on Security and Privacy, pp. 553–570. IEEE (2015)


  7. Ding, J., Alsayigh, S., Saraswathy, R., Fluhrer, S., Lin, X.: Leakage of signal function with reused keys in RLWE key exchange. In: 2017 IEEE International Conference on Communications (ICC), pp. 1–6. IEEE (2017)


  8. Ding, J., Cheng, C., Qin, Y.: A simple key reuse attack on LWE and ring LWE encryption schemes as key encapsulation mechanisms (KEMs). Cryptology ePrint Archive, Report 2019/271 (2019). https://eprint.iacr.org/2019/271. Accessed 21 Apr 2019

  9. Ding, J., Fluhrer, S., Saraswathy, R.V.: Complete attack on RLWE key exchange with reused keys, without signal leakage. In: Susilo, W., Yang, G. (eds.) ACISP 2018. LNCS, vol. 10946, pp. 467–486. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93638-3_27

  10. Ding, J., Xie, X., Lin, X.: A simple provably secure key exchange scheme based on the learning with errors problem. IACR Cryptology ePrint Archive 2012, 688 (2012). https://eprint.iacr.org/2012/688.pdf. Accessed 26 Feb 2019

  11. Fluhrer, S.R.: Cryptanalysis of ring-LWE based key exchange with key share reuse. IACR Cryptology ePrint Archive 2016, 85 (2016). http://eprint.iacr.org/2016/085. Accessed 18 Feb 2019

  12. Gao, X., Ding, J., Li, L., Liu, J.: Practical randomized RLWE-based key exchange against signal leakage attack. IEEE Trans. Comput. 67(11), 1584–1593 (2018)

  13. Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319–339. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19074-2_21


  14. Liu, C., Zheng, Z., Zou, G.: Key reuse attack on NewHope key exchange protocol. In: Lee, K. (ed.) ICISC 2018. LNCS, vol. 11396, pp. 163–176. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12146-4_11

  15. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_1


  16. Peikert, C.: Lattice cryptography for the internet. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 197–219. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11659-4_12


  17. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), 34:1–34:40 (2009)

  18. Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446, IETF (2018). http://www.rfc-editor.org/info/rfc8446. Accessed 26 Feb 2019

  19. Zhang, J., Zhang, Z., Ding, J., Snook, M., Dagdelen, Ö.: Authenticated key exchange from ideal lattices. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 719–751. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_24


Acknowledgments

The work presented in this paper was supported in part by the National Natural Science Foundation of China under Grant No. 61672029. Jintai Ding would like to thank the US Air Force and the NSF for their partial support.

Author information

Correspondence to Chi Cheng.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Qin, Y., Cheng, C., Ding, J. (2019). A Complete and Optimized Key Mismatch Attack on NIST Candidate NewHope. In: Sako, K., Schneider, S., Ryan, P. (eds.) Computer Security – ESORICS 2019. Lecture Notes in Computer Science, vol. 11736. Springer, Cham. https://doi.org/10.1007/978-3-030-29962-0_24

  • DOI: https://doi.org/10.1007/978-3-030-29962-0_24


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29961-3

  • Online ISBN: 978-3-030-29962-0
