Repositori Digital de la UPF

236

Continguts institucionals

268

Dades primàries de recerca

659

Docència

20032

Recerca: articles, congressos, llibres

3500

Recerca: tesis

2929

Recerca: working papers, preprints, informes, etc.

6714

Revistes científiques

4846

Treballs d'estudiants

422

Vida universitària

Guies

Dades de recerca en accés obert

Portal de producció científica

Enviaments recents

ML-based attack on module-LWE assessing the security of module-lattice-based schemes

The dawn of quantum computing compromises the security foundations of classical public-key cryptography, motivating NIST’s recent standardization of post-quantum cryptographic schemes. Two of the four selected algorithms are based on the hardness of the Module Learning With Errors (Module-LWE) problem. As Module-LWE becomes the mathematical primitive of next-generation cryptographic standards, its robustness needs to be evaluated not just against classical and quantum algorithms, but also against novel AI-powered attacks. In this work, we introduce NoMod ML-Attack, a hybrid white-box cryptanalytic attack that avoids the difficulty of directly modelling modular reduction in Module-LWE. Instead, NoMod views modular wraparounds as a type of statistical corruption and reformulates secret recovery as a robust linear estimation problem. Our method begins with advanced lattice preprocessing, improved using several optimizations. In particular, we propose (i) a reduced-vector saving strategy that accumulates and reuses short vectors during tours, and (ii) an algebraic amplification technique that exploits Ring-LWE automorphisms to expand the pool of usable samples. After this preprocessing step, we train robust linear estimators based on Tukey’s Biweight loss, prioritizing direct secret recovery and sampleefficient methods over transformer-based architectures. Our experimental tests demonstrate that NoMod broadens the range of ML-based cryptanalysis. We achieve complete recovery of binary secrets for dimension n = 350, recovery of sparse binomial secrets at n = 256, and successful recovery of sparse secrets in CRYSTALS-Kyber settings with parameters (n,k) = (128,3) and (256,2). Throughout these regimes, NoMod outperforms classical lattice-only techniques and, in some instances, produces results competitive with transformer-based frameworks, such as SALSA [1] and SALSA PICANTE [2]. Finally, to enable future research, we release our open-source implementation of NoMod ML-Attack to support continued study and benchmarking.

(2025) Bassotto, Cristian

Mostra'n més