The transition of the Internet’s public-key infrastructure to Post-Quantum Cryptography (PQC) replaces well-scrutinized schemes with theoretically secure but implementation-wise immature ones based on structured lattices or error-correcting codes. This transition creates a fertile ground for subtle implementation errors, such as Hard-to-Find Bugs (HFBs) in PQC software, that can cause disastrous failures while evading conventional testing procedures. We show that the HFB profile of PQC differs radically from classical cryptography: carry-propagation bugs, common in classical schemes like RSA, ECDH, and ECDSA, are practically absent, while timing side-channels in polynomial arithmetic (e.g., KyberSlash) and precision divergences in floating-point operations in Falcon dominate. To explore this relatively new attack surface, we present a systematic taxonomy of PQC-specific HFBs and introduce an extension of the well-known open-source Wycheproof framework, called wycheproof-pqc, that utilizes targeted Known Answer Tests (KATs) to expose elusive bugs. We also provide documentation of 15 weaknesses in common open-source PQC implementations, highlighting the challenges of securing the next generation of public-key cryptosystems.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Hard-to-Find Bugs in a Post-Quantum Age

  • Matteo Steinbach,
  • Peter B. Rønne,
  • Johann Großschädl

摘要

The transition of the Internet’s public-key infrastructure to Post-Quantum Cryptography (PQC) replaces well-scrutinized schemes with theoretically secure but implementation-wise immature ones based on structured lattices or error-correcting codes. This transition creates a fertile ground for subtle implementation errors, such as Hard-to-Find Bugs (HFBs) in PQC software, that can cause disastrous failures while evading conventional testing procedures. We show that the HFB profile of PQC differs radically from classical cryptography: carry-propagation bugs, common in classical schemes like RSA, ECDH, and ECDSA, are practically absent, while timing side-channels in polynomial arithmetic (e.g., KyberSlash) and precision divergences in floating-point operations in Falcon dominate. To explore this relatively new attack surface, we present a systematic taxonomy of PQC-specific HFBs and introduce an extension of the well-known open-source Wycheproof framework, called wycheproof-pqc, that utilizes targeted Known Answer Tests (KATs) to expose elusive bugs. We also provide documentation of 15 weaknesses in common open-source PQC implementations, highlighting the challenges of securing the next generation of public-key cryptosystems.