Lattice Klepto Revisited

Abstract: Kleptography introduced by Young and Yung is about using an embedded backdoor to perform attacks on a cryptosystems. At SAC'17, Kwant et al. proposed a kleptographic backdoor on NTRU encryption scheme and thought that the backdoor can not be detected. However, in this paper we show that the user can detect the backdoor very efficiently and hence the problem of constructing a kleptographic backdoor on NTRU stays open. Moreover, we also design a universal method to embed a kleptographic backdoor for RLWE-based s… Show more

“…Regarding lattice-based schemes, researchers found ASA in NTRU [Kwant et al 2018] and in LWE-based schemes, such as NewHope [Yang et al 2020a]. The main difference is that the authors claim that the attack in NTRU can be efficiently detectable, but that is not the case of LWE-based cryptosystems [Yang et al 2020b]. Furthermore, the NTRU attacks are based on a substitution of NTRU encryption, whereas LWE has attacks based on both key generation and encryption.…”

“…For instance, NTRU (N-th degree Truncated polynomial Ring Units) is a public-key scheme that already has a kleptographic vulnerability for attackers [Kwant et al 2018]. The schemes based on the Learning-With-Errors (LWE) problem also suffer from this attack [Yang et al 2020b]. These examples show that there is still a lot to be researched about detection and countermeasures against ASA, in order to improve the resilience of the PQC schemes.…”

Timing Analysis of Algorithm Substitution Attacks in a Post-Quantum TLS Protocol

“…Regarding lattice-based schemes, researchers found ASA in NTRU [Kwant et al 2018] and in LWE-based schemes, such as NewHope [Yang et al 2020a]. The main difference is that the authors claim that the attack in NTRU can be efficiently detectable, but that is not the case of LWE-based cryptosystems [Yang et al 2020b]. Furthermore, the NTRU attacks are based on a substitution of NTRU encryption, whereas LWE has attacks based on both key generation and encryption.…”

“…For instance, NTRU (N-th degree Truncated polynomial Ring Units) is a public-key scheme that already has a kleptographic vulnerability for attackers [Kwant et al 2018]. The schemes based on the Learning-With-Errors (LWE) problem also suffer from this attack [Yang et al 2020b]. These examples show that there is still a lot to be researched about detection and countermeasures against ASA, in order to improve the resilience of the PQC schemes.…”

Timing Analysis of Algorithm Substitution Attacks in a Post-Quantum TLS Protocol

How to Backdoor (Classic) McEliece and How to Guard Against Backdoors

Fuzzing+Hardware Performance Counters-Based Detection of Algorithm Subversion Attacks on Postquantum Signature Schemes