Research & Papers

Evaluating PQC KEMs, Combiners, and Cascade Encryption via Adaptive IND-CPA Testing Using Deep Learning

A novel deep learning framework tests ML-KEM, BIKE, and AES for exploitable patterns, finding none.

Deep Dive

A team of researchers has published a paper on arXiv proposing a deep learning-based method for empirically validating cryptographic security. The work, titled 'Evaluating PQC KEMs, Combiners, and Cascade Encryption via Adaptive IND-CPA Testing Using Deep Learning,' frames the classic IND-CPA (Indistinguishability under Chosen-Plaintext Attack) security game as a binary classification task: the distinguisher is shown a ciphertext of one of two chosen plaintexts and must predict which one was encrypted. By training deep neural networks (DNNs) on labeled ciphertext data, the authors create adaptive distinguishers that search for any statistical pattern that could break ciphertext indistinguishability, a core property of secure encryption.

The researchers applied this methodology across three critical areas. First, they tested the public-key encryption schemes underlying major NIST-selected post-quantum cryptography (PQC) Key Encapsulation Mechanisms (KEMs), including ML-KEM (formerly CRYSTALS-Kyber), BIKE, and HQC. Second, they extended the framework to evaluate hybrid KEMs, which combine PQC algorithms with classical ones like RSA and RSA-OAEP, a crucial configuration for the ongoing cryptographic transition. Finally, they demonstrated the method's generality by testing cascade symmetric encryption, combining algorithms like AES-CTR, AES-CBC, ChaCha20, and the legacy DES.

In all experiments, the DNN distinguishers achieved no statistically significant advantage against the indistinguishability of any single algorithm or combination. This empirical result, validated with a two-sided binomial test at the 0.01 significance level, aligns with the theoretical guarantees: hybrid constructions that include at least one IND-CPA-secure component preserve security, and the tested implementations show no patterns that this adaptive model could exploit. The study illustrates deep learning's potential as a versatile, data-driven tool for complementing formal security proofs with practical validation.
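The classification framing of the IND-CPA game and the binomial significance test described above, as an added worked example that is not the paper's code or the authors' framework. The paper trains deep neural networks as distinguishers; to stay dependency-free this example substitutes a nearest-centroid classifier (an assumption, not the paper's model). The three toy ciphers, the fixed key, the chosen plaintexts and the trial counts are all constructed for this demo and are not the ML-KEM, BIKE, HQC, RSA or AES implementations the paper evaluates. The example goes slightly beyond the text by also cascading a weak scheme with a secure one and with another weak one, so the reader can see which combination the test flags.

```python
"""Added example (not the paper's code): the IND-CPA game run as a binary
classification experiment, scored with a two-sided binomial test at alpha = 0.01.
A nearest-centroid classifier stands in for the paper's DNN distinguisher.
The ciphers below are constructed toys for illustration only."""
import math
import random
from typing import Callable, List, Tuple

Encrypt = Callable[[bytes, random.Random], bytes]

KEY = bytes(range(16))  # constructed fixed key for the toy ciphers (assumption)


def xor_fixed_key(m: bytes, rng: random.Random) -> bytes:
    """Deterministic toy cipher: the same plaintext always gives the same ciphertext."""
    return bytes(a ^ b for a, b in zip(m, KEY))


def one_time_pad(m: bytes, rng: random.Random) -> bytes:
    """Fresh uniform pad per call: the ciphertext is independent of the plaintext."""
    return bytes(a ^ rng.randrange(256) for a in m)


def biased_pad(m: bytes, rng: random.Random) -> bytes:
    """Randomised but flawed toy: only the low nibble of each pad byte is random,
    so the high nibble of every plaintext byte shows through."""
    return bytes(a ^ rng.randrange(16) for a in m)


def cascade(first: Encrypt, second: Encrypt) -> Encrypt:
    """Cascade encryption: second(first(m)); each layer draws its own fresh randomness."""
    return lambda m, rng: second(first(m, rng), rng)


class CentroidDistinguisher:
    """Learns one mean ciphertext per label from training data and predicts the
    nearer centroid (squared Euclidean distance over byte values)."""

    def train(self, samples: List[Tuple[bytes, int]]) -> None:
        width = len(samples[0][0])
        self.centroids = {}
        for label in (0, 1):
            cts = [ct for ct, b in samples if b == label]
            # Fall back to the midpoint if a label never occurred in training.
            self.centroids[label] = (
                [sum(ct[i] for ct in cts) / len(cts) for i in range(width)]
                if cts else [127.5] * width)

    def guess(self, ct: bytes) -> int:
        dist = {b: sum((x - c) ** 2 for x, c in zip(ct, cen))
                for b, cen in self.centroids.items()}
        return 0 if dist[0] <= dist[1] else 1


def binomial_two_sided_p(k: int, n: int) -> float:
    """Exact two-sided binomial test of k correct guesses in n trials against p = 0.5.
    Under the null the distribution is symmetric, so the two-sided p-value is
    twice the tail beyond the more extreme of k and n - k, capped at 1."""
    extreme = max(k, n - k)
    tail = sum(math.comb(n, i) for i in range(extreme, n + 1)) / 2 ** n
    return min(1.0, 2 * tail)


def run_ind_cpa_test(encrypt: Encrypt, m0: bytes, m1: bytes, n_train: int = 600,
                     n_test: int = 400, alpha: float = 0.01, seed: int = 1) -> dict:
    """Play the IND-CPA game n_train + n_test times with fixed chosen plaintexts:
    the challenger picks a random bit b, encrypts m_b, and labels the ciphertext b.
    The distinguisher trains on the first part and is scored on the held-out rest."""
    rng = random.Random(seed)  # seeded only so the demo is reproducible
    samples = []
    for _ in range(n_train + n_test):
        b = rng.randrange(2)
        samples.append((encrypt((m0, m1)[b], rng), b))
    dist = CentroidDistinguisher()
    dist.train(samples[:n_train])
    correct = sum(dist.guess(ct) == b for ct, b in samples[n_train:])
    acc = correct / n_test
    p = binomial_two_sided_p(correct, n_test)
    return {"accuracy": acc, "advantage": abs(2 * acc - 1), "p_value": p,
            "distinguishable": p < alpha}


if __name__ == "__main__":
    # Constructed chosen plaintexts of equal length, differing in letter case.
    M0, M1 = b"attack at dawn!!", b"ATTACK AT DAWN!!"
    schemes = [
        ("xor_fixed_key", xor_fixed_key),
        ("one_time_pad", one_time_pad),
        ("biased_pad", biased_pad),
        ("cascade(xor_fixed_key, one_time_pad)", cascade(xor_fixed_key, one_time_pad)),
        ("cascade(biased_pad, xor_fixed_key)", cascade(biased_pad, xor_fixed_key)),
    ]
    for name, enc in schemes:
        r = run_ind_cpa_test(enc, M0, M1)
        print(f"{name:40s} acc={r['accuracy']:.3f} "
              f"p={r['p_value']:.2e} distinguishable={r['distinguishable']}")
```

The deterministic cipher and the biased pad are flagged at the 0.01 level because the classifier reaches 100% held-out accuracy; the one-time pad sits near 50% and is not flagged; the cascade that contains the secure layer inherits its security, while the cascade of two weak layers still leaks the high nibble and is flagged. Note what a non-rejection does and does not say: it is evidence only against the class of distinguisher actually trained, which is why the paper pairs this kind of empirical test with formal guarantees rather than replacing them.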

Key Points
  • The team modeled IND-CPA security games as binary classification, training DNNs on ciphertexts from algorithms like ML-KEM, BIKE, and AES to act as adaptive distinguishers.
  • The framework was applied to PQC KEMs, hybrid KEM combiners (PQC + RSA), and cascade symmetric encryption, representing critical real-world deployment scenarios.
  • The DNN distinguishers achieved no statistically significant advantage against any algorithm or combination, empirically supporting the theoretical guarantees under this powerful adversary model.

Why It Matters

Provides a data-driven, AI-powered method to empirically validate the real-world security of next-generation post-quantum and hybrid encryption systems before deployment.