We show that the NISTPQC submission HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works around the error correction in HILA5. The attack applies to the HILA5 key-encapsulation mechanism (KEM), and also to the public-key encryption mechanism (PKE) obtained by NIST’s procedure for combining the KEM with authenticated encryption. This contradicts the most natural interpretation of the IND-CCA security claim for HILA5.
Bernstein, D. J., Groot Bruinderink, L., Lange, T., & Panny, L. (2018). HILA5 pindakaas: On the CCA security of lattice-based encryption with error correction. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10831 LNCS, pp. 203–216). Springer Verlag. https://doi.org/10.1007/978-3-319-89339-6_12