HILA5 pindakaas: On the CCA security of lattice-based encryption with error correction

Daniel J. Bernstein, Leon Groot Bruinderink, Tanja Lange, Lorenz Panny

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

14 Scopus citations

Abstract

We show that the NISTPQC submission HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works around the error correction in HILA5. The attack applies to the HILA5 key-encapsulation mechanism (KEM), and also to the public-key encryption mechanism (PKE) obtained by NIST’s procedure for combining the KEM with authenticated encryption. This contradicts the most natural interpretation of the IND-CCA security claim for HILA5.

Original languageEnglish
Title of host publicationProgress in Cryptology - AFRICACRYPT 2018 - 10th International Conference on Cryptology in Africa, Proceedings
EditorsAbderrahmane Nitaj, Tajjeeddine Rachidi, Antoine Joux
PublisherSpringer Verlag
Pages203-216
Number of pages14
ISBN (Print)9783319893389
DOIs
StatePublished - 2018
Externally publishedYes
Event10th International Conference on the Theory and Application of Cryptographic Techniques in Africa, AFRICACRYPT 2018 - Marrakesh, Morocco
Duration: 7 May 20189 May 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10831 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference10th International Conference on the Theory and Application of Cryptographic Techniques in Africa, AFRICACRYPT 2018
Country/TerritoryMorocco
CityMarrakesh
Period7/05/189/05/18

Keywords

  • KEM
  • Post-quantum cryptography
  • RLWE
  • Reaction attack

Fingerprint

Dive into the research topics of 'HILA5 pindakaas: On the CCA security of lattice-based encryption with error correction'. Together they form a unique fingerprint.

Cite this