Key Mismatch Attacks (KMA) pose a significant threat to lattice-based key encapsulation mechanisms (KEMs), such as CRYSTALS-Kyber (Kyber), standardized as NIST FIPS 203. Despite advancements in KMA, including multi-positional strategies and enhanced oracles like the Multi-Value Key Mismatch Oracle (MV-KMO), existing methods suffer from high query counts and detectable ciphertexts, limiting their practicality. This paper proposes techniques to enhance KMA efficiency and stealth against Kyber and Saber. First, for CPA-secure KEMs, we propose a multi-bit inference strategy that uses crafted ciphertexts to extract information about multiple private key coefficients per Key Mismatch Oracle (KMO) query, reducing the required queries for Kyber1024 from 2368 to 2268 and for FireSaber from 2623 to 2571. Second, for CCA-secure KEMs, we present a minimal-query KMA method leveraging the Hamming Weight Incremental (HWI) leakage model to recover the full decapsulated message, thereby reducing queries from 2176 to 12 for Kyber1024 and from 2433 to 16 for FireSaber. Third, we develop a stealthy KMA variant for CCA-secure KEMs that reconstructs the noise vector to recover the private key, generating ciphertexts statistically indistinguishable from legitimate ones, as confirmed by entropy and Kullback-Leibler (KL) divergence analyses. These advancements improve KMA performance and covertness, revealing critical vulnerabilities in lattice-based KEMs and informing future cryptographic defenses.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Enhanced Key Mismatch Attacks on Lattice-Based KEMs: Multi-bit Inference and Ciphertext Generalization

  • Yan Shao,
  • Yuejun Liu,
  • Yongbin Zhou,
  • Mingyao Shao

摘要

Key Mismatch Attacks (KMA) pose a significant threat to lattice-based key encapsulation mechanisms (KEMs), such as CRYSTALS-Kyber (Kyber), standardized as NIST FIPS 203. Despite advancements in KMA, including multi-positional strategies and enhanced oracles like the Multi-Value Key Mismatch Oracle (MV-KMO), existing methods suffer from high query counts and detectable ciphertexts, limiting their practicality. This paper proposes techniques to enhance KMA efficiency and stealth against Kyber and Saber. First, for CPA-secure KEMs, we propose a multi-bit inference strategy that uses crafted ciphertexts to extract information about multiple private key coefficients per Key Mismatch Oracle (KMO) query, reducing the required queries for Kyber1024 from 2368 to 2268 and for FireSaber from 2623 to 2571. Second, for CCA-secure KEMs, we present a minimal-query KMA method leveraging the Hamming Weight Incremental (HWI) leakage model to recover the full decapsulated message, thereby reducing queries from 2176 to 12 for Kyber1024 and from 2433 to 16 for FireSaber. Third, we develop a stealthy KMA variant for CCA-secure KEMs that reconstructs the noise vector to recover the private key, generating ciphertexts statistically indistinguishable from legitimate ones, as confirmed by entropy and Kullback-Leibler (KL) divergence analyses. These advancements improve KMA performance and covertness, revealing critical vulnerabilities in lattice-based KEMs and informing future cryptographic defenses.