Go to DBLP homepagePost-Quantum Backdoor for Kyber-KEM
Abstract: Kleptography, also known as cryptographic backdoor, poses a significant threat to cryptographic algorithms by clandestinely embedding a backdoor through the use of another cryptographic algorithm, often leveraging public-key encryption techniques. Achieving a carefully designed kleptographic attack demands reducing the detectability of the backdoor to the complexity of cryptographic hard problems. In this paper, we explore the application of kleptography to CRYSTALS-Kyber, a post-quantum algorithm standardized by NIST. Leveraging the Classic McEliece Key Encapsulation Mechanism (KEM), also a NIST round-4 candidate, we devise a backdoor for both Kyber-768 and Kyber-1024. Similar to the approach proposed by Yang et al. [AsiaCCS 2020], our backdoor manipulates only the key generation algorithm, ensuring compatibility with the key encapsulation mechanism (KEM) variant of Kyber, rather than solely the public key encryption. Moreover, we present a stronger definition of undetectability within a public-key framework, capturing the intuition that the backdoor could be hidden in both the Key Generation and Encryption processes, and prove the undetectability of our backdoor under this new definition. In addition, compared with Yang et al., our backdoor has two advantages: (1) We provide post-quantum undetectability; (2) Our backdoor remains independent of the public key seed, preserving public undetectability against certain potential countermeasures. The undetectability of our backdoor hinges on reducing it to the decisional version of the syndrome decoding problem (SDP) for Goppa codes.
External IDs:dblp:conf/sacrypt/XiaWG24
Loading