Binding properties of KEMs were first discussed in Cremers, Dax, and Medinger's paper "Keeping Up with the KEMs". The paper discusses several properties of KEMs that go beyond the usual notion of IND-CCA security. In this talk, we will discuss examples where the behavior of a scheme beyond IND-CCA, with attackers having knowledge of secret key material, mattered in practice (Invisible Salamanders, Key Compromise Impersonation); discuss the concrete binding properties of ML-KEM (Unbindable Kemmy Schmidt); and show how the methods used for preventing misbinding issues have further advantages that make them generally desirable in practice. We then explore how these properties show up in practice in hybrid PQ/T KEMs such as X-Wing, especially in the key generation algorithms. Such techniques prove attractive for both speed and size parameters and also benefit the security properties of the KEM scheme, in a (hopefully) NIST-compliant fashion.
NIST Workshop on Guidance for KEMs
February 25-26, 2025 (Virtual)
Security and Privacy: key management, post-quantum cryptography