SALSA: Attacking Lattice Cryptography with Transformers

07/11/2022
by   Emily Wenger, et al.
54

Currently deployed public-key cryptosystems will be vulnerable to attacks by full-scale quantum computers. Consequently, "quantum resistant" cryptosystems are in high demand, and lattice-based cryptosystems, based on a hard problem known as Learning With Errors (LWE), have emerged as strong contenders for standardization. In this work, we train transformers to perform modular arithmetic and combine half-trained models with statistical cryptanalysis techniques to propose SALSA: a machine learning attack on LWE-based cryptographic schemes. SALSA can fully recover secrets for small-to-mid size LWE instances with sparse binary secrets, and may scale to attack real-world LWE-based cryptosystems.

READ FULL TEXT

page 9

page 10

09/20/2021

Machine-Learning Side-Channel Attacks on the GALACTICS Constant-Time Implementation of BLISS

Due to the advancing development of quantum computers, practical attacks...
09/30/2019

Lattice PUF: A Strong Physical Unclonable Function Provably Secure against Machine Learning Attacks

We propose a strong physical unclonable function (PUF) that is provably ...
10/16/2019

Sapphire: A Configurable Crypto-Processor for Post-Quantum Lattice-based Protocols

Public key cryptography protocols, such as RSA and elliptic curve crypto...
07/26/2022

Publicly verifiable quantum money from random lattices

Publicly verifiable quantum money is a protocol for the preparation of q...
12/03/2021

Prediction and compression of lattice QCD data using machine learning algorithms on quantum annealer

We present regression and compression algorithms for lattice QCD data ut...
08/11/2020

The Polynomial Learning With Errors Problem and the Smearing Condition

As quantum computing advances rapidly, guaranteeing the security of cryp...
09/15/2020

A Systematic Study of Lattice-based NIST PQC Algorithms: from Reference Implementations to Hardware Accelerators

Security of currently deployed public key cryptography algorithms is for...