International Association for Cryptologic Research


CryptoDB

A Key-Recovery Attack against Mitaka in the t-Probing Model

Authors:
Thomas Prest, PQShield
DOI: 10.1007/978-3-031-31368-4_8
Conference: PKC 2023
Abstract: Mitaka is a lattice-based signature proposed at Eurocrypt 2022. A key advertised feature of Mitaka is that it can be masked at high orders efficiently, making it attractive in scenarios where side-channel attacks are a concern. Mitaka comes with a claimed security proof in the t-probing model. We uncover a flaw in the security proof of Mitaka, and subsequently show that it is not secure in the t-probing model. For any number of shares d ≥ 4, probing t < d variables per execution allows an attacker to recover the private key efficiently with approximately 2^21 executions. Our analysis shows that even a constant number of probes suffices (t = 3), as long as the attacker has access to a number of executions that is linear in d/t.
BibTeX
@inproceedings{pkc-2023-32732,
  title={A Key-Recovery Attack against Mitaka in the t-Probing Model},
  publisher={Springer-Verlag},
  doi={10.1007/978-3-031-31368-4_8},
  author={Thomas Prest},
  year=2023
}