Lin Hsin Hsin Quantum Security Center











                  🪁
                  🎈
💥
💥
Lattice-Based Cryptography
Failures & Weakness






Detailed Case-By-Case List





2023
KyberSlash Vulnerability



Weakness: Timing side-channel in division operations.
Impact: Allowed attackers to recover secret keys by analyzing execution time.
Status: Patched in reference implementation (Dec 2023)
Affected libraries: AWS-LC, Botan, liboqs





2022
FrodoKEM Elimination



Weakness: Security margin overestimation in FrodoKEM640 + poor performance.
Impact: Removed from NIST standardization. Demonstrated that generic LWE (while secure) is often impractical.
Source: Daniel J Bernstein Twitter analysis (Oct 2022)





2019
Ideal Lattice Degradation



Weakness: Exploitation of algebraic structure in Ring-LWE.
Impact: Provoked shift toward Module-LWE (used in Kyber/Dilithium) to balance structure and security.
Key Papers: CGS14, Cra+16, CDW17





2014
Subfield-Logarithm Attack



Weakness: Structural vulnerability in cyclotomic fields (power-of-2).
Impact: Challenged the "provable security" narrative of ideal lattices.
Author: Daniel J Bernstein





2006
GGH Signature Break



Weakness: Learning a parallelepiped attack.
Impact: Complete compromise of signature scheme. Accelerated move to hash-based signatures.
Authors: Nguyen and Regev





1999
GGH Encryption Break



Weakness: Fundamental design flaw in trapdoor generation.
Impact: Scheme deemed useless. Marked the end of early lattice encryption attempts.
Author: Phong Q Nguyen
Copyright © 2026. Lin Hsin Hsin. All Rights Reserved. Mobile~tainment®, Frog®