Fault Attacks on CCA-secure Lattice KEMs

Lukas Prokop, Peter Peßl

Publikation: Beitrag in einer FachzeitschriftArtikelBegutachtung

Abstract

NIST's post-quantum standardization effort very recently entered its final round. This makes studying the implementation-security aspect of the remaining candidates an increasingly important task, as such analyses can aid in the final selection process and enable appropriately secure wider deployment after standardization. However, lattice-based key-encapsulation mechanisms (KEMs), which are prominently represented among the finalists, have thus far received little attention when it comes to fault attacks.

Interestingly, many of these KEMs exhibit structural similarities. They can be seen as variants of the encryption scheme of Lyubashevsky, Peikert, and Rosen, and employ the Fujisaki-Okamoto transform (FO) to achieve CCA2 security. The latter involves re-encrypting a decrypted plaintext and testing the ciphertexts for equivalence. This corresponds to the classic countermeasure of computing the inverse operation and hence prevents many fault attacks.

In this work, we show that despite this inherent protection, practical fault attacks are still possible. We present an attack that requires a single instruction-skipping fault in the decoding process, which is run as part of the decapsulation. After observing if this fault actually changed the outcome (effective fault) or if the correct result is still returned (ineffective fault), we can set up a linear inequality involving the key coefficients. After gathering enough of these inequalities by faulting many decapsulations, we can solve for the key using a bespoke statistical solving approach. As our attack only requires distinguishing effective from ineffective faults, various detection-based countermeasures, including many forms of double execution, can be bypassed.

We apply this attack to Kyber and NewHope, both of which belong to the aforementioned class of schemes. Using fault simulations, we show that, e.g., 6,500 faulty decapsulations are required for full key recovery on Kyber512. To demonstrate practicality, we use clock glitches to attack Kyber running on a Cortex M4. As we argue that other schemes of this class, such as Saber, might also be susceptible, the presented attack clearly shows that one cannot rely on the FO transform's fault deterrence and that proper countermeasures are still needed.
Originalspracheenglisch
Seiten (von - bis)37-60
Seitenumfang24
FachzeitschriftIACR Transactions on Cryptographic Hardware and Embedded Systems
Jahrgang2021
Ausgabenummer2
DOIs
PublikationsstatusVeröffentlicht - 11 Jan. 2021

ASJC Scopus subject areas

  • Informatik (sonstige)
  • Hardware und Architektur
  • Software
  • Artificial intelligence
  • Signalverarbeitung
  • Computernetzwerke und -kommunikation
  • Computergrafik und computergestütztes Design

Fields of Expertise

  • Information, Communication & Computing

Fingerprint

Untersuchen Sie die Forschungsthemen von „Fault Attacks on CCA-secure Lattice KEMs“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren