International Association for Cryptologic Research

CryptoDB

Assessing the Impact of a Variant of MATZOV's Dual Attack on Kyber

Authors:
Kévin Carrier, CY Cergy-Paris Université
Jean-Pierre Tillich, Inria de Paris
Yixin Shen, Inria de l'Université de Rennes
Charles Meyer-Hilfiger, Inria de Paris
Conference: CRYPTO 2025
Abstract: The dual attacks on the Learning With Errors (LWE) problem are currently a subject of controversy. In particular, the results of [28], which claim to significantly lower the security level of Kyber [35], a lattice-based cryptosystem currently being standardized by NIST, are not widely accepted. The analysis behind their attack depends on a series of assumptions that, in certain scenarios, have been shown to contradict established theorems or well-tested heuristics [19]. In this paper, we introduce a new dual lattice attack on LWE, drawing from ideas in coding theory. Our approach revisits the dual attack proposed by [28], replacing modulus switching with an efficient decoding algorithm. This decoding is achieved by generalizing polar codes over Z/qZ, and we confirm their strong distortion properties through benchmarks. This modification enables a reduction from small-LWE to plain-LWE, with a notable decrease in the secret dimension. Additionally, we replace the enumeration step in the attack by assuming the secret is zero for the portion being enumerated, iterating this assumption over various choices for the enumeration part. We make an analysis of our attack without using the flawed independence assumptions used in [28], and we fully back up our analysis with experimental evidence. Lastly, we assess the complexity of our attack on Kyber, showing that the security levels for Kyber-512/768/1024 are 3.5/11.9/12.3 bits below the NIST requirements (143/207/272 bits) in the same nearest-neighbor cost model as in [35,28]. All in all, the cost of our attack matches, and in some cases even slightly beats, the complexities originally claimed by the attack of [28].
BibTeX
@inproceedings{crypto-2025-35807,
  title={Assessing the Impact of a Variant of MATZOV's Dual Attack on Kyber},
  publisher={Springer-Verlag},
  author={Kévin Carrier and Jean-Pierre Tillich and Yixin Shen and Charles Meyer-Hilfiger},
  year=2025
}