Security analysis of promising key encapsulation mechanisms in the core-SVP model

IF 0.2 Q4 ENGINEERING, ELECTRICAL & ELECTRONIC Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia Pub Date : 2023-03-28 DOI:10.30837/rt.2023.1.212.06
S.O. Kandiy
{"title":"Security analysis of promising key encapsulation mechanisms in the core-SVP model","authors":"S.O. Kandiy","doi":"10.30837/rt.2023.1.212.06","DOIUrl":null,"url":null,"abstract":"The study of key encapsulation mechanisms on structured lattices is one of the important directions in modern post-quantum cryptography, as many mechanisms are either already standardized (DSTU 8961:2019 \"Skelya\") or are promising candidates for standardization (CRYSTALS-Kyber). Estimating the complexity of lattice reduction for cryptographic schemes is an old problem. Asymptotic estimates differ greatly from experimental values, therefore, a number of heuristic methods were developed to solve practical problems. The coreSVP model is a standard means of assessing the security of cryptographic schemes on lattices. The purpose of the work is to analyze the encapsulation mechanisms of DSTU 8961:2019 \"Skelya\" and CRYSTALS-Kyber keys in the coreSVP model. The analysis was performed using two popular heuristics – GSA (Geometric Series Assumption) and the Chen-Nguyen simulator. The analysis showed that the Chen-Nguyen simulator gives slightly lower estimates than the GSA heuristic. As a result of the analysis, it was found that 8961:2019 The “Skelya” and CRYSTALS-Kyber in the coreSVP model for classical computers have slightly lower than declared security values, but for quantum computers the key encapsulation mechanisms provide the declared security levels. Note that during the analysis, the accuracy of the GSA heuristics and the Chen-Nguyen simulator were analyzed separately. Examples of parameters for which heuristics do not give sufficiently accurate results are given. The performed analysis does not take into account the algebraic structure of lattices used in 8961:2019 \"Skelya\" and CRYSTALS-Kyber. The inclusion of an algebraic structure in the analysis is a further direction of work. The use of simulators is a promising direction, however, more accurate simulators that take into account the structuring of LWE and NTRU arrays are needed.","PeriodicalId":41675,"journal":{"name":"Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia","volume":null,"pages":null},"PeriodicalIF":0.2000,"publicationDate":"2023-03-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.30837/rt.2023.1.212.06","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
引用次数: 0

Abstract

The study of key encapsulation mechanisms on structured lattices is one of the important directions in modern post-quantum cryptography, as many mechanisms are either already standardized (DSTU 8961:2019 "Skelya") or are promising candidates for standardization (CRYSTALS-Kyber). Estimating the complexity of lattice reduction for cryptographic schemes is an old problem. Asymptotic estimates differ greatly from experimental values, therefore, a number of heuristic methods were developed to solve practical problems. The coreSVP model is a standard means of assessing the security of cryptographic schemes on lattices. The purpose of the work is to analyze the encapsulation mechanisms of DSTU 8961:2019 "Skelya" and CRYSTALS-Kyber keys in the coreSVP model. The analysis was performed using two popular heuristics – GSA (Geometric Series Assumption) and the Chen-Nguyen simulator. The analysis showed that the Chen-Nguyen simulator gives slightly lower estimates than the GSA heuristic. As a result of the analysis, it was found that 8961:2019 The “Skelya” and CRYSTALS-Kyber in the coreSVP model for classical computers have slightly lower than declared security values, but for quantum computers the key encapsulation mechanisms provide the declared security levels. Note that during the analysis, the accuracy of the GSA heuristics and the Chen-Nguyen simulator were analyzed separately. Examples of parameters for which heuristics do not give sufficiently accurate results are given. The performed analysis does not take into account the algebraic structure of lattices used in 8961:2019 "Skelya" and CRYSTALS-Kyber. The inclusion of an algebraic structure in the analysis is a further direction of work. The use of simulators is a promising direction, however, more accurate simulators that take into account the structuring of LWE and NTRU arrays are needed.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
核心- svp模型中有前途的密钥封装机制的安全性分析
结构化晶格上密钥封装机制的研究是现代后量子密码学的重要方向之一,因为许多机制要么已经标准化(DSTU 8961:2019“Skelya”),要么是标准化的有希望的候选者(CRYSTALS-Kyber)。估计密码方案的格约简复杂度是一个老问题。渐近估计与实验值相差很大,因此,开发了许多启发式方法来解决实际问题。coreSVP模型是评估格上密码方案安全性的标准方法。本工作的目的是分析DSTU 8961:2019“Skelya”和CRYSTALS-Kyber密钥在coreSVP模型中的封装机制。分析使用两种流行的启发式方法- GSA(几何级数假设)和Chen-Nguyen模拟器。分析表明,Chen-Nguyen模拟器给出的估计略低于GSA启发式。分析结果发现,经典计算机coreSVP模型中的8961:2019“Skelya”和crystal - kyber的安全值略低于声明的安全值,但对于量子计算机,关键封装机制提供了声明的安全级别。请注意,在分析过程中,分别分析了GSA启发式和Chen-Nguyen模拟器的准确性。给出了启发式不能给出足够准确结果的参数示例。所进行的分析没有考虑到8961:2019“Skelya”和CRYSTALS-Kyber中使用的晶格的代数结构。在分析中加入代数结构是进一步的工作方向。使用模拟器是一个很有前途的方向,然而,需要更精确的模拟器来考虑LWE和NTRU阵列的结构。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia
Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia ENGINEERING, ELECTRICAL & ELECTRONIC-
自引率
33.30%
发文量
0
期刊最新文献
Combined heat conductive boards with polyimide dielectrics Synthesis and analysis of the trace detector of air objects of an interrogating radar system Creating a call center test bench for load balancing Asterisk servers in a cluster Current state and development trends of class E oscillators: an overview Experimental studies of a lidar emitter built according to the oscillator-amplifier scheme
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1