all InfoSec news
Unbindable Kemmy Schmidt: ML-KEM is neither MAL-BIND-K-CT nor MAL-BIND-K-PK
April 6, 2024, 4:06 a.m. |
IACR News www.iacr.org
ePrint Report: Unbindable Kemmy Schmidt: ML-KEM is neither MAL-BIND-K-CT nor MAL-BIND-K-PK
Sophie Schmieg
In "Keeping up with the KEMs" Cremers et al. introduced various binding models for KEMs. The authors show that ML-KEM is LEAK-BIND-K-CT and LEAK-BIND-K-PK, i.e. binding the ciphertext and the public key in the case of an adversary having access, but not being able to manipulate the key material. They further conjecture that ML-KEM also has MAL-BIND-K-PK, but not MAL-BIND-K-CT, the binding of public key or ciphertext …
adversary authors bind case ciphertext eprint report key leak public public key report
More from www.iacr.org / IACR News
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Application Security Engineer - Remote Friendly
@ Unit21 | San Francisco,CA; New York City; Remote USA;
Cloud Security Specialist
@ AppsFlyer | Herzliya
Malware Analysis Engineer - Canberra, Australia
@ Apple | Canberra, Australian Capital Territory, Australia
Product CISO
@ Fortinet | Sunnyvale, CA, United States
Manager, Security Engineering
@ Thrive | United States - Remote