Paper 2020/1578

An IND-CCA2 Attack Against the 1st- and 2nd-round Versions of NTS-KEM

Tung Chou

Abstract

This paper presents an IND-CCA2 attack against the 1st- and 2nd-round versions of NTS-KEM, i.e., the versions before the update in December 2019. Our attack works against the 1st- and 2nd-round specifications, with the number of decapsulation queries upper-bounded by n − k and the advantage lower-bounded by roughly 0.5(n − k)t/n^2, where n, k, and t stand for the code length, the code dimension, and the designed decoding capacity, for all three parameter sets of NTS-KEM. We found that the non-reference implementations are also vulnerable to our attack, even though they contain bugs. There are also bugs in the reference implementations, but of a kind that makes them invulnerable to our attack.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. SECITC 2020 (to appear)
Keywords
NIST PQC standardization, Post-quantum cryptography, Code-based cryptography, IND-CCA2
Contact author(s)
blueprint @ crypto tw
History
2020-12-21: received
Short URL
https://ia.cr/2020/1578
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1578,
      author = {Tung Chou},
      title = {An IND-CCA2 Attack Against the 1st- and 2nd-round Versions of NTS-KEM},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1578},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/1578}},
      url = {https://eprint.iacr.org/2020/1578}
}