The user of an imperfectly correct lattice-based public-key encryption scheme leaks information about their secret key with each decryption query that they answer—even if they answer all queries successfully. Through a refinement of the D’Anvers–Guo–Johansson–Nilsson–Vercauteren–Verbauwhede failure boosting attack, we show that an adversary can use this information to improve his odds of finding a decryption failure. We also propose a new definition of (Formula Presented)-correctness, and we re-assess the correctness of several submissions to NIST’s post-quantum standardization effort.
Bindel, N., & Schanck, J. M. (2020). Decryption Failure Is More Likely After Success. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 12100 LNCS, pp. 206–225). Springer. https://doi.org/10.1007/978-3-030-44223-1_12