Single Trace Analysis on Constant Time CDT Sampler and Its Countermeasure

Kim, Suhri; Hong, Seokhie

doi:10.3390/app8101809

Cited by 20 publications

(11 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Kim et al [KH18] found that high-precision Gaussian samples based on CDT are not only inefficient in terms of required storage space, but also showed their insecurity by demonstrating a single trace power analysis attack. By recovering the Gaussian samples, they also break the security of the lattice-based scheme employing the sampler.…”

Section: Related Workmentioning

confidence: 99%

“…The deviation of the resulting values from a Gaussian distribution is compensated by an additional rejection condition based on a Bernoulli sample. Due to the blending with uniform values, even if the CDT sample values are obtained by an attack such as the one by Kim et al [KH18], the values of the final Gaussian sample cannot be derived. Thus, the secret key cannot be recovered as the solution to a system of linear equations.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Machine-Learning Side-Channel Attacks on the GALACTICS Constant-Time Implementation of BLISS

Marzougui,

Wisiol,

Gersch

et al. 2021

Preprint

View full text Add to dashboard Cite

Due to the advancing development of quantum computers, practical attacks on conventional public-key cryptography may become feasible in the next few decades. To address this risk, post-quantum schemes that are secure against quantum attacks are being developed. Lattice-based algorithms are promising replacements for conventional schemes, with BLISS being one of the earliest post-quantum signature schemes in this family. However, required subroutines such as Gaussian sampling have been demonstrated to be a risk for the security of BLISS, since implementing Gaussian sampling both efficient and secure with respect to physical attacks is highly challenging. This paper presents three related power side-channel attacks on GALACTICS, the latest constant-time implementation of BLISS. All attacks are based on leakages we identified in the Gaussian sampling and signing algorithm of GALACTICS. To run the attack, a profiling phase on a device identical to the device under attack is required to train machine learning classifiers. In the attack phase, the leakages of GALACTICS enable the trained classifiers to predict sensitive internal information with high accuracy, paving the road for three different key recovery attacks. We demonstrate the leakages by running GALACTICS on a Cortex-M4 and provide proof-of-concept data and implementation for all our attacks.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Machine-Learning Side-Channel Attacks on the GALACTICS Constant-Time Implementation of BLISS

Marzougui,

Wisiol,

Gersch

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…There has been a lot of work focus on the risks of lattice-based cryptographic systems to side-channel attacks. Several works exploit vulnerabilities of different operations, including but not limited to polynomial multiplication [PPM17,HCY19,XPSR + 21,AKJ + 18], message encoding/decoding [ACLZ20, RBRC22, NDGJ21], Gaussian sampler [Pes16,KH18], or the Fujisaki-Okamoto (FO) transform [RSRCB20, BDH + 21]. In particular, the polynomial multiplication has attracted more attention for the vulnerability of long-term secret key.…”

Section: Introductionmentioning

confidence: 99%

Single-Trace Side-Channel Attacks on the Toom-Cook: The Case Study of Saber

Zhu

Huang

et al. 2022

TCHES

View full text Add to dashboard Cite

The Toom-Cook method is a well-known strategy for building algorithms to multiply polynomials efficiently. Along with NTT-based polynomial multiplication, Toom-Cook-based or Karatsuba-based polynomial multiplication algorithms still have regained attention since the start of the NIST’s post-quantum standardization procedure. Compared to the comprehensive analysis done for NTT, the leakage characteristics of Toom-Cook have not been discussed. We analyze the vulnerabilities of Toom-Cook in the reference implementation of Saber, a third round finalist of NIST’s post-quantum standardization process. In this work, we present the first single-trace attack based on the soft-analytical side-channel attack (SASCA) targeting the Toom-Cook. The deep learning-based power analysis is combined with SASCA to decrease the number of templates since there are a large number of similar operations in the Toom-Cook. Moreover, we describe the optimized factor graph and improved belief propagation to make the attack more practical. The feasibility of the attack is verified by evaluation experiments. We also discuss the possible countermeasures to prevent the attack.

show abstract

“…Recently, PQCs, cryptographic algorithms executed on a classical computer which are expected to be secure against adversaries with quantum computers, have been actively studied. This special issue contains two papers about power analysis attacks on PQCs: The well-known NTRU algorithm, and a cumulative distribution table (CDT) sampler used in the lattice-based PQCs [64,65].Cache-based timing attacks: This special issue contains two research papers with regard to cache-based timing attacks, utilizing the timing difference between cache hits and cache misses. One paper proposes a new constant-time method for RSA modular exponentiation, which is resistant against fine-grained cache attacks [66].…”

mentioning

confidence: 99%

mentioning

confidence: 99%