Generic Side-channel attacks on CCA-secure lattice-based PKE and KEMs

Ravi, Prasanna; Roy, Sujoy Sinha; Chattopadhyay, Anupam; Bhasin, Shivam

doi:10.46586/tches.v2020.i3.307-335

Cited by 92 publications

(69 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…For IND-CCA-secure lattice-base schemes, [RBRC20b,RRCB20] proposes a secret key recovery attack through the analysis of recovered messages; this approach however assumes that the messages are recovered perfectly. If the message is recovered with errors, the attack fails.…”

Section: Key Recovery Attackmentioning

confidence: 99%

“…The most common transformation is the Fujisaki-Okamoto (FO) transform or some variation of it [HHK17]. The CCA-transform is itself susceptible to side-channel attacks and should be masked [RRCB20]. Examples of recent masked implementations are: [OSPG18] of a KEM similar to NewHope; and [BBE + 18, MGTF19, GR19] on different lattice-based signature schemes.…”

Section: Introductionmentioning

confidence: 99%

“…In [SKL + 20] a message recovery attack (session key recovery) was described using a single trace on the unprotected encapsulation part of some of the round 3 candidates. In [RRCB20] side-channel attacks on several round 2 candidates were described. In [XPRO] unprotected Kyber was attacked as a case study, using an EM side-channel approach.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Side-Channel Attack on a Masked IND-CCA Secure Saber KEM Implementation

Ngo

Dubrova

Guo

et al. 2021

TCHES

View full text Add to dashboard Cite

In this paper, we present a side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network created at the profiling stage. The proposed message recovery approach learns a higher-order model directly, without explicitly extracting random masks at each execution. This eliminates the need for a fully controllable profiling device which is required in previous attacks on masked implementations of LWE/LWR-based PKEs/KEMs. We also present a new secret key recovery approach based on maps from error-correcting codes that can compensate for some errors in the recovered message. In addition, we discovered a previously unknown leakage point in the primitive for masked logical shifting on arithmetic shares.

show abstract

Section: Key Recovery Attackmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Side-Channel Attack on a Masked IND-CCA Secure Saber KEM Implementation

Ngo

Dubrova

Guo

et al. 2021

TCHES

View full text Add to dashboard Cite

show abstract

“…Where Reparaz et al successfully masked a Chosen-Plaintext Attack (CPA)-secure RLWE decryption, real-world applications typically require Chosen-Ciphertext Attack (CCA) secure primitives, which can be obtained using an appropriate CCA-transform. It has been shown that the CCA-transform is itself susceptible to side-channel attacks and should be masked [RRCB20]. Oder et al [OSPG18] presented a masked implementation of a complete CCA-secure RLWE key decapsulation similar to NewHope KEM [ADPS16], reporting a factor 5.7x overhead over an unmasked implementation.…”

Section: Introductionmentioning

confidence: 99%

A Side-Channel-Resistant Implementation of SABER

Beirendonck

D’Anvers

Karmakar

et al. 2021

J. Emerg. Technol. Comput. Syst.

View full text Add to dashboard Cite

The candidates for the NIST Post-Quantum Cryptography standardization have undergone extensive studies on efficiency and theoretical security, but research on their side-channel security is largely lacking. This remains a considerable obstacle for their real-world deployment, where side-channel security can be a critical requirement. This work describes a side-channel-resistant instance of Saber, one of the lattice-based candidates, using masking as a countermeasure. Saber proves to be very efficient to masking due to two specific design choices: power-of-two moduli and limited noise sampling of learning with rounding. A major challenge in masking lattice-based cryptosystems is the integration of bit-wise operations with arithmetic masking, requiring algorithms to securely convert between masked representations. The described design includes a novel primitive for masked logical shifting on arithmetic shares and adapts an existing masked binomial sampler for Saber. An implementation is provided for an ARM Cortex-M4 microcontroller, and its side-channel resistance is experimentally demonstrated. The masked implementation features a 2.5x overhead factor, significantly lower than the 5.7x previously reported for a masked variant of NewHope. Masked key decapsulation requires less than 3,000,000 cycles on the Cortex-M4 and consumes less than 12kB of dynamic memory, making it suitable for deployment in embedded platforms.

show abstract

“…Since then, it has been demonstrated that an adversary can utilize the non-constant time behavior of Gaussian samplers [BHLY16,EFGT17] as well as a generic cache-attack behavior [BBK + 17]. Power analysis attacks on lattices have been shown to be able to attack even masked implementations of lattice-based cryptography by targeting the number theoretic transform [PPM17, PP19, XPRO20], message encoding [RBRC20, ACLZ20], polynomial multiplication [HCY19], error correcting codes [DTVV19], decoders [SRSW20] or CCA-transform [GJN20,RRCB20].…”

Section: Introductionmentioning

confidence: 99%

Masking Kyber: First- and Higher-Order Implementations

Bos

Gourjon

Renes

et al. 2021

TCHES

View full text Add to dashboard Cite

In the final phase of the post-quantum cryptography standardization effort, the focus has been extended to include the side-channel resistance of the candidates. While some schemes have been already extensively analyzed in this regard, there is no such study yet of the finalist Kyber.In this work, we demonstrate the first completely masked implementation of Kyber which is protected against first- and higher-order attacks. To the best of our knowledge, this results in the first higher-order masked implementation of any post-quantum secure key encapsulation mechanism algorithm. This is realized by introducing two new techniques. First, we propose a higher-order algorithm for the one-bit compression operation. This is based on a masked bit-sliced binary-search that can be applied to prime moduli. Second, we propose a technique which enables one to compare uncompressed masked polynomials with compressed public polynomials. This avoids the costly masking of the ciphertext compression while being able to be instantiated at arbitrary orders.We show performance results for first-, second- and third-order protected implementations on the Arm Cortex-M0+ and Cortex-M4F. Notably, our implementation of first-order masked Kyber decapsulation requires 3.1 million cycles on the Cortex-M4F. This is a factor 3.5 overhead compared to the unprotected optimized implementationin pqm4. We experimentally show that the first-order implementation of our new modules on the Cortex-M0+ is hardened against attacks using 100 000 traces and mechanically verify the security in a fine-grained leakage model using the verification tool scVerif.

show abstract

Generic Side-channel attacks on CCA-secure lattice-based PKE and KEMs

Cited by 92 publications

References 21 publications

A Side-Channel Attack on a Masked IND-CCA Secure Saber KEM Implementation

A Side-Channel Attack on a Masked IND-CCA Secure Saber KEM Implementation

A Side-Channel-Resistant Implementation of SABER

Masking Kyber: First- and Higher-Order Implementations

Contact Info

Product

Resources

About