CryptoDB
A Key-Recovery Attack against Mitaka in the t-Probing Model
| Authors: |
|
|---|---|
| Download: | |
| Conference: | PKC 2023 |
| Abstract: | Mitaka is a lattice-based signature proposed at Eurocrypt 2022. A key advertised feature of Mitaka is that it can be masked at high orders efficiently, making it attractive in scenarios where side-channel attacks are a concern. Mitaka comes with a claimed security proof in the t-probing model. We uncover a flaw in the security proof of Mitaka, and subsequently show that it is not secure in the t-probing model. For any number of shares d ≥ 4, probing t < d variables per execution allows an attacker to recover the private key efficiently with approximately 2^21 executions. Our analysis shows that even a constant number of probes suffices (t = 3), as long as the attacker has access to a number of executions that is linear in d/t. |
BibTeX
@inproceedings{pkc-2023-32732,
title={A Key-Recovery Attack against Mitaka in the t-Probing Model},
publisher={Springer-Verlag},
doi={10.1007/978-3-031-31368-4_8},
author={Thomas Prest},
year=2023
}