
arxiv: 2604.06942 · v1 · submitted 2026-04-08 · 💻 cs.CR · cs.IT · cs.LG · cs.NE · eess.SP · math.IT

Evaluating PQC KEMs, Combiners, and Cascade Encryption via Adaptive IND-CPA Testing Using Deep Learning

Pith reviewed 2026-05-10 18:03 UTC · model grok-4.3

classification 💻 cs.CR · cs.IT · cs.LG · cs.NE · eess.SP · math.IT
keywords post-quantum cryptography · key encapsulation mechanisms · IND-CPA security · deep neural networks · hybrid encryption · distinguisher · cascade encryption · empirical validation

The pith

Deep neural networks trained as IND-CPA distinguishers detect no significant advantage in any tested PQC KEM, combiner, or symmetric cascade.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes an empirical method to test ciphertext indistinguishability by framing the IND-CPA security game as a binary classification problem solved by deep neural networks. It applies this to post-quantum key encapsulation mechanisms including ML-KEM, BIKE, and HQC, to hybrid constructions combining them with classical RSA, and to cascades of symmetric ciphers such as AES and ChaCha20. The tests reveal that none of the schemes or combinations allow the networks to distinguish ciphertexts from random, or from each other, with statistical significance. A sympathetic reader would care because this provides a practical, data-driven way to check real-world implementations and compositions during the shift to quantum-resistant cryptography, complementing mathematical proofs.

Core claim

By training deep neural networks on labeled ciphertexts to solve the IND-CPA distinguishing game, the study finds that no PQC KEM, KEM combiner with classical primitives, or symmetric encryption cascade exhibits a distinguishing advantage detectable by the networks, as measured by two-sided binomial tests at significance level 0.01. This outcome aligns with the theoretical expectation that hybrid constructions retain indistinguishability when at least one component is IND-CPA secure.

What carries the argument

DNN-based binary classifier for the IND-CPA game, trained with binary cross-entropy loss on ciphertext data to predict whether a sample comes from the real encryption or a random distribution.

If this is right

  • Hybrid KEMs that include at least one IND-CPA-secure component preserve ciphertext indistinguishability under the DNN adversary model.
  • Cascade constructions of symmetric ciphers exhibit no exploitable patterns beyond the security of their strongest component.
  • The DNN classification framework supplies a general empirical tool for validating cryptographic implementations and compositions.
  • The absence of detectable advantage in the evaluated PQC algorithms is consistent with their claimed security properties.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • More powerful or differently trained networks might still uncover subtle biases that the current architectures miss.
  • The same modeling could be adapted to test stronger notions such as IND-CCA security by changing the underlying game.
  • The method offers a practical complement to proofs for checking real code and parameter choices in deployed systems.

Load-bearing premise

The chosen deep neural network architectures and training regimes form a sufficiently powerful adaptive adversary that can surface any real distinguishing advantage present in the ciphertext distributions.

What would settle it

A new experiment in which one of the tested schemes or combinations yields a DNN accuracy significantly above 50 percent with a two-sided binomial test p-value below 0.01 would falsify the no-advantage result.
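The falsification condition above, written out as an added example that is not the paper's own code: the IND-CPA game run as a binary classification task and judged with the paper's decision rule, a two-sided binomial test against the 1/2 baseline at α = 0.01 on held-out accuracy. A naive-Bayes bit-frequency classifier stands in for the paper's DNN, the 32-byte ciphertexts and sample sizes are assumptions, and both ciphertext sources are constructed here (an ideal one and a deliberately leaky positive control, the kind of check the referee report asks for).

```python
# Added example (not the paper's code): IND-CPA game as classification, judged at alpha = 0.01.
import math
import random

ALPHA = 0.01          # significance level used in the paper
N_BYTES = 32          # constructed ciphertext length (assumption)


def binom_two_sided_p(k: int, n: int) -> float:
    """Exact two-sided p-value under H0: P(correct) = 1/2 (mass at least as far from n/2 as k)."""
    dev = abs(2 * k - n)                  # twice the distance from the mean n/2
    mass = sum(math.comb(n, i) for i in range(n + 1) if abs(2 * i - n) >= dev)
    return mass / 2 ** n                  # big int / big int: correctly rounded float

def bits(ct: bytes) -> list:
    return [(b >> s) & 1 for b in ct for s in range(8)]

class BitFrequencyDistinguisher:
    """Naive-Bayes stand-in for the paper's DNN: learns P(bit_j = 1 | label) with
    Laplace smoothing and classifies by log-likelihood ratio (catches per-bit bias)."""

    def fit(self, samples, labels):
        n_bits = 8 * N_BYTES
        ones = {0: [1.0] * n_bits, 1: [1.0] * n_bits}   # smoothed counts of 1-bits
        tot = {0: 2.0, 1: 2.0}                          # smoothed sample counts
        for ct, y in zip(samples, labels):
            tot[y] += 1
            for j, b in enumerate(bits(ct)):
                ones[y][j] += b
        self.llr = []                                   # per bit: (evidence if 1, if 0)
        for j in range(n_bits):
            p1, p0 = ones[1][j] / tot[1], ones[0][j] / tot[0]
            self.llr.append((math.log(p1 / p0), math.log((1 - p1) / (1 - p0))))
        return self

    def predict(self, ct: bytes) -> int:
        score = sum(self.llr[j][0] if b else self.llr[j][1] for j, b in enumerate(bits(ct)))
        return 1 if score > 0 else 0      # 1 = "real ciphertext", 0 = "uniform random"

def ideal_cipher(rng: random.Random) -> bytes:
    return rng.randbytes(N_BYTES)         # stand-in for an IND-CPA-secure scheme

def leaky_cipher(rng: random.Random) -> bytes:
    """Constructed positive control: the top bit of byte 0 is always clear."""
    ct = bytearray(rng.randbytes(N_BYTES))
    ct[0] &= 0x7F
    return bytes(ct)

def run_game(cipher, n_train=8000, n_test=2000, seed=1) -> dict:
    """Label 1 = cipher output, label 0 = uniform random; fit, then score held-out data."""
    rng = random.Random(seed)

    def draw(n):
        ys = [rng.randrange(2) for _ in range(n)]
        return [cipher(rng) if y else rng.randbytes(N_BYTES) for y in ys], ys

    model = BitFrequencyDistinguisher().fit(*draw(n_train))
    xte, yte = draw(n_test)
    correct = sum(model.predict(x) == y for x, y in zip(xte, yte))
    p = binom_two_sided_p(correct, n_test)
    return {"accuracy": correct / n_test, "p_value": p, "significant": p < ALPHA}

if __name__ == "__main__":
    for name, c in (("ideal", ideal_cipher), ("leaky", leaky_cipher)):
        print(name, run_game(c))
```

The ideal source stays at chance and is not flagged, while the leaky source is flagged at far below α; a run in which a real scheme behaved like the leaky source is exactly what would falsify the paper's result.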

Figures

Figures reproduced from arXiv: 2604.06942 by Niklas Johansson, Onur Günlü, Simon Calderon.

Figure 1: The validation accuracies plotted over training epochs for the KEMs en
Figure 2: The validation accuracies computed on the validation dataset vs. training
Figure 3: The validation accuracies plotted over training epochs for the cascade en

Original abstract

Ensuring ciphertext indistinguishability is fundamental to cryptographic security, but empirically validating this property in real implementations and hybrid settings presents practical challenges. The transition to post-quantum cryptography (PQC), with its hybrid constructions combining classical and quantum-resistant primitives, makes empirical validation approaches increasingly valuable. By modeling IND-CPA games as binary classification tasks and training on labeled ciphertext data with BCE loss, we study deep neural network (DNN) distinguishers for ciphertext indistinguishability. We apply this methodology to PQC KEMs. We specifically test the public-key encryption (PKE) schemes used to construct examples such as ML-KEM, BIKE, and HQC. Moreover, a novel extension of this DNN modeling for empirical distinguishability testing of hybrid KEMs is presented. We implement and test this on combinations of PQC KEMs with plain RSA, RSA-OAEP, and plaintext. Finally, methodological generality is illustrated by applying the DNN IND-CPA classification framework to cascade symmetric encryption, where we test combinations of AES-CTR, AES-CBC, AES-ECB, ChaCha20, and DES-ECB. In our experiments on PQC algorithms, KEM combiners, and cascade encryption, no algorithm or combination of algorithms demonstrates a significant advantage (two-sided binomial test, significance level $\alpha = 0.01$), consistent with theoretical guarantees that hybrids including at least one IND-CPA-secure component preserve indistinguishability, and with the absence of exploitable patterns under the considered DNN adversary model. These illustrate the potential of using deep learning as an adaptive, practical, and versatile empirical estimator for indistinguishability in more general IND-CPA settings, allowing data-driven validation of implementations and compositions and complementing the analytical security analysis.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 0 minor

Summary. The manuscript introduces a deep learning-based approach to empirically assess ciphertext indistinguishability under the IND-CPA model for post-quantum KEMs, hybrid KEM combiners, and symmetric encryption cascades. By framing the security game as a binary classification problem and training DNNs with binary cross-entropy loss on labeled ciphertexts, the authors test schemes including ML-KEM, BIKE, HQC, RSA hybrids, and combinations of AES, ChaCha20, and DES. Their experiments conclude that no tested algorithm or combination exhibits a statistically significant distinguishing advantage according to a two-sided binomial test at significance level α = 0.01, which aligns with theoretical results on the security of hybrids containing at least one IND-CPA-secure primitive.

Significance. If the results hold under a validated adversary model, the work provides a novel empirical method for testing indistinguishability in complex cryptographic constructions, offering a data-driven complement to formal proofs. This is particularly valuable for hybrid PQC schemes and cascade encryptions during the transition to quantum-resistant cryptography. The approach's generality across PKE, KEMs, and symmetric primitives is a positive aspect.

major comments (1)
  1. [§3 (Methodology) and §4 (Experiments)] The central claim that no algorithm or combination demonstrates a significant advantage (two-sided binomial test, α=0.01) is load-bearing on the DNNs functioning as sufficiently powerful adaptive IND-CPA adversaries. The text provides only high-level methodology (BCE loss, labeled ciphertext data) without architecture details, hyperparameter choices, input representations, error-bar analysis, or positive-control experiments showing the models can detect known distinguishers when present. This leaves the negative results vulnerable to the interpretation that they reflect underpowered distinguishers rather than true indistinguishability.

Simulated Author's Rebuttal

1 response · 0 unresolved

We thank the referee for their constructive feedback, which highlights an important aspect of validating our empirical methodology. We address the major comment point-by-point below and will incorporate clarifications and additions in the revised manuscript to strengthen the presentation of our results.

Point-by-point responses
  1. Referee: [§3 (Methodology) and §4 (Experiments)] The central claim that no algorithm or combination demonstrates a significant advantage (two-sided binomial test, α=0.01) is load-bearing on the DNNs functioning as sufficiently powerful adaptive IND-CPA adversaries. The text provides only high-level methodology (BCE loss, labeled ciphertext data) without architecture details, hyperparameter choices, input representations, error-bar analysis, or positive-control experiments showing the models can detect known distinguishers when present. This leaves the negative results vulnerable to the interpretation that they reflect underpowered distinguishers rather than true indistinguishability.

    Authors: We agree that expanded details on the DNN architectures, hyperparameter selections, input representations (e.g., byte-level or bit-vector encodings of ciphertexts), and error-bar analysis would enhance reproducibility and address potential concerns about model capacity. In the revised version, we will expand §3 to include these specifics, including layer configurations, optimizer settings, training epochs, and statistical variance across multiple runs. We also acknowledge the value of explicit positive-control experiments. While our cascade tests involving DES-ECB provide some implicit indication of the model's behavior on weaker primitives, we will add dedicated positive-control subsections in §4 demonstrating that the DNNs achieve statistically significant distinguishing advantage on known non-IND-CPA constructions or synthetic oracles. These revisions will better support the interpretation of our negative results as evidence of indistinguishability under the tested adversary model rather than insufficient model power.
    Revision: yes

Circularity Check

0 steps flagged

Empirical DNN-based IND-CPA testing reports no significant distinguishing advantage; results are data-driven against external baselines

Full rationale

The paper conducts an empirical study by training DNN classifiers on labeled ciphertexts from PQC KEMs, hybrids, and cascades, then applies a two-sided binomial test (α=0.01) to check whether accuracy significantly exceeds 50%. No load-bearing step reduces by construction to a fitted parameter, self-citation chain, or renamed input; the negative result is measured directly against the random-guessing baseline and theoretical expectations for IND-CPA security. The derivation is self-contained as an external validation procedure with no self-definitional or fitted-input-called-prediction patterns.

Axiom & Free-Parameter Ledger

1 free parameter · 1 axiom · 0 invented entities

The central claim rests on the modeling assumption that DNNs can serve as effective adaptive distinguishers and on standard statistical testing; no new physical or mathematical entities are postulated.

free parameters (1)
  • DNN architecture and training hyperparameters
    Network depth, width, learning rate, and batch size are chosen to fit the classification task on ciphertext data.
axioms (1)
  • Domain assumption: A trained DNN constitutes a sufficiently strong adaptive adversary for detecting IND-CPA violations in the tested schemes
    Invoked when interpreting random-guess performance as evidence of indistinguishability.

pith-pipeline@v0.9.0 · 5652 in / 1292 out tokens · 51751 ms · 2026-05-10T18:03:39.469248+00:00 · methodology

