The Post-Quantum Cryptography (PQC) research team at China Telecom, working with the group led by Professor Yu Yu at Shanghai Jiao Tong University, has identified significant security weaknesses in the KAZ family of post-quantum (quantum-resistant) cryptographic algorithms, which were the sole selection of Malaysia's MySEAL 2.0 program. The analysis shows that the primorial modulus used by the three algorithms (KAZ-KA, KAZ-KEM and KAZ-SIGN v2.0) yields groups of smooth order. Since the security of these schemes rests on the discrete logarithm problem, and that problem becomes much easier to solve when the group order is smooth, this design flaw substantially reduces the work needed to break them.
The joint team devised a key recovery attack that extracts the cryptographic key within 1 second on an ordinary computer, using only the public key or two signatures, which shows that the KAZ algorithms fall short of established security benchmarks. The findings have been published on the preprint platform of the International Association for Cryptologic Research (IACR) and provide useful input for the security assessment of post-quantum cryptographic algorithms.
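The smooth-order weakness described above, as an added illustration that is not code from the article or from the KAZ designers: a toy primorial modulus N = 2*3*5*...*23 (constructed here; the real KAZ parameters are not modelled), a check of how smooth the resulting group order is, and a Pohlig-Hellman discrete-logarithm computation whose cost is governed by the largest prime factor of that order rather than by its square root. The generator g = 29 and the exponent x = 1234 are assumed values chosen for the demonstration.

```python
# Added illustration (not from the article or the KAZ designers): a primorial modulus
# gives (Z/NZ)* a smooth order, so Pohlig-Hellman solves the discrete log with work
# bounded by the largest prime factor of the order. Toy sizes; KAZ parameters not modelled.
from math import prod, lcm

def factor(n):
    """Trial-division factorisation {prime: exponent}; adequate for toy sizes."""
    f, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            f[d], n = f.get(d, 0) + 1, n // d
        d += 1
    if n > 1:
        f[n] = f.get(n, 0) + 1
    return f

def element_order(g, n, exponent):
    """Exact order of g mod n, given a multiple of it (here the group exponent lcm(p-1))."""
    m = exponent
    for p in factor(exponent):
        while m % p == 0 and pow(g, m // p, n) == 1:
            m //= p
    return m

def crt(residues, moduli):
    """Chinese remainder theorem for pairwise coprime moduli (Garner-style accumulation)."""
    x, m = 0, 1
    for r, q in zip(residues, moduli):
        x, m = x + m * ((r - x) * pow(m, -1, q) % q), m * q
    return x % m

def dlog_prime_power(g, h, p, e, n):
    """g^x = h mod n with ord(g) = p^e: e searches of size p instead of one of size p^e."""
    x, gamma = 0, pow(g, p ** (e - 1), n)        # gamma has order exactly p
    for k in range(e):
        hk = pow(pow(g, -x, n) * h % n, p ** (e - 1 - k), n)
        x += next(d for d in range(p) if pow(gamma, d, n) == hk) * p ** k
    return x

def pohlig_hellman(g, h, n, order):
    """Discrete log of h in <g> of the given order; cost ~ largest prime factor of order."""
    parts = [(dlog_prime_power(pow(g, order // p**e, n), pow(h, order // p**e, n), p, e, n), p**e)
             for p, e in factor(order).items()]
    return crt([r for r, _ in parts], [q for _, q in parts])

def demo(x=1234):
    """Constructed toy: primorial N = 2*3*...*23, assumed g = 29 (coprime to N), h = g^x."""
    ps, g = [2, 3, 5, 7, 11, 13, 17, 19, 23], 29
    n, order = prod(ps), element_order(29, prod(ps), lcm(*(p - 1 for p in ps)))
    lpf = max(factor(order))                     # largest prime factor: the smoothness measure
    return lpf, pohlig_hellman(g, pow(g, x, n), n, order)
```

With a group order whose largest prime factor is only 11, every digit search in `dlog_prime_power` runs over at most 11 candidates, which is the effect the article attributes to the primorial modulus.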
China Telecom Quantum Group contributed theoretical expertise to this research endeavor, leveraging its independently developed commercial cryptographic product system and comprehensive technological framework.
