Search papers, labs, and topics across Lattice.
This paper explores the use of deep neural networks (DNNs) as distinguishers in IND-CPA games to empirically evaluate the ciphertext indistinguishability of post-quantum cryptography (PQC) KEMs, KEM combiners, and cascade encryption schemes. The authors trained DNNs to classify ciphertexts and tested them against various PQC algorithms (ML-KEM, BIKE, HQC), hybrid KEMs (PQC KEMs with RSA), and cascade symmetric encryption (AES, ChaCha20, DES). The experiments found no statistically significant advantage for any algorithm or combination, supporting theoretical guarantees of indistinguishability when at least one component is IND-CPA secure, within the limitations of the DNN adversary model.
DNN-based distinguishers can empirically validate the indistinguishability of complex cryptographic constructions, but don't yet reveal exploitable weaknesses in standard PQC hybrids.
Ensuring ciphertext indistinguishability is fundamental to cryptographic security, but empirically validating this property in real implementations and hybrid settings presents practical challenges. The transition to post-quantum cryptography (PQC), with its hybrid constructions combining classical and quantum-resistant primitives, makes empirical validation approaches increasingly valuable. By modeling IND-CPA games as binary classification tasks and training on labeled ciphertext data with BCE loss, we study deep neural network (DNN) distinguishers for ciphertext indistinguishability. We apply this methodology to PQC KEMs. We specifically test the public-key encryption (PKE) schemes used to construct examples such as ML-KEM, BIKE, and HQC. Moreover, a novel extension of this DNN modeling for empirical distinguishability testing of hybrid KEMs is presented. We implement and test this on combinations of PQC KEMs with plain RSA, RSA-OAEP, and plaintext. Finally, methodological generality is illustrated by applying the DNN IND-CPA classification framework to cascade symmetric encryption, where we test combinations of AES-CTR, AES-CBC, AES-ECB, ChaCha20, and DES-ECB. In our experiments on PQC algorithms, KEM combiners, and cascade encryption, no algorithm or combination of algorithms demonstrates a significant advantage (two-sided binomial test, significance level $伪= 0.01$), consistent with theoretical guarantees that hybrids including at least one IND-CPA-secure component preserve indistinguishability, and with the absence of exploitable patterns under the considered DNN adversary model. These illustrate the potential of using deep learning as an adaptive, practical, and versatile empirical estimator for indistinguishability in more general IND-CPA settings, allowing data-driven validation of implementations and compositions and complementing the analytical security analysis.