Search
Close
Search
Advanced Search
Search Menu

Abstract

NewHope cryptosystem is one of the second-round submissions of the National Institute of Standards and Technology post-quantum cryptography standardization process, which is a suite of two key encapsulation mechanisms based on the ring-learning with errors (LWE) problem. It has received much attention from the research community due to its small key size and high efficiency. Recently, three key mismatch attacks are proposed against NewHope under the condition of key reuse. They do not solve the ring-LWE instance directly but exploit the leakage of secret information. As far as we know, the best result is given by Okada et al. ((2020) Improving Key Mismatch Attack on NewHope with Fewer Queries. In Proc. of the 25th Australasian Conf. on Information Security and Privacy, Perth, WA, Australia, November 30–December 2, pp. 505–524. Springer Cham, Switzerland), which recovers the whole secret with a success probability of |$97\%$| and |$233,803$| average queries. In this paper, we further improve the key mismatch attack of NewHope by reducing the average queries to |$106,577$| and raising the success probability to |$100\%$|⁠. Moreover, we analyze the key mismatch attack without key reuse for the first time and we propose a combinatorial attack against NewHope1024. The total complexity of the combinatorial attack is |$2^{253}$|⁠, which is lower than the complexity of primal attack and the claimed security strength of NewHope1024.

© The British Computer Society 2021. All rights reserved. For permissions, please e-mail: journals.permissions@oup.com
This article is published and distributed under the terms of the Oxford University Press, Standard Journals Publication Model (https://academic.oup.com/journals/pages/open_access/funder_policies/chorus/standard_publication_model)
Issue Section:
Section D: Security in Computer Systems and Networks
You do not currently have access to this article.
Download all slides