Lin Hsin Hsin Quantum Security Center
💥
Lattice-Based Cryptography
Failures & Weakness
Detailed Case-By-Case List
2023
KyberSlash Vulnerability
Weakness: Timing side-channel in division operations.
Impact: Allowed attackers to recover secret keys by analyzing execution time.
Status: Patched in reference implementation (Dec 2023)
Affected libraries: AWS-LC, Botan, liboqs
2022
FrodoKEM Elimination
Weakness: Security margin overestimation in FrodoKEM640 + poor performance.
Impact: Removed from NIST standardization. Demonstrated that generic LWE (while secure) is often impractical.
Source: Daniel J Bernstein Twitter analysis (Oct 2022)
2019
Ideal Lattice Degradation
Weakness: Exploitation of algebraic structure in Ring-LWE.
Impact: Provoked shift toward Module-LWE (used in Kyber/Dilithium) to balance structure and security.
Key Papers: CGS14, Cra+16, CDW17
2014
Subfield-Logarithm Attack
Weakness: Structural vulnerability in cyclotomic fields (power-of-2).
Impact: Challenged the "provable security" narrative of ideal lattices.
Author: Daniel J Bernstein
2006
GGH Signature Break
Weakness: Learning a parallelepiped attack.
Impact: Complete compromise of signature scheme. Accelerated move to hash-based signatures.
Authors: Nguyen and Regev
1999
GGH Encryption Break
Weakness: Fundamental design flaw in trapdoor generation.
Impact: Scheme deemed useless. Marked the end of early lattice encryption attempts.
Author: Phong Q Nguyen