Title:

Decryption Errors and Implementation Attacks on Kyber

 

Abstract:

In LWE-based KEMs, observed decryption errors leak information about the secret key in the form of inequalities.
Several practical attacks have already exploited such leakage by either directly applying a fault or combining a chosen-ciphertext with an implementation attack.
When the leaked information is in the form of inequalities, retrieving the secret key is not trivial and several recovery methods exist.

This talk gives an overview over decryption errors in Kyber, how they are currently exploited for implementation attacks, and which methods exist to recover the key from decryption error information.

Presentation Slides

 

Speaker:

Julius Hermelink

Uni-BW, Infineon