Abstract
Single-trace side-channel attacks are a considerable threat to implementations of classic public-key schemes. For lattice-based cryptography, however, this class of attacks is much less understood, and only a small number of previous works show attacks. Primas et al., for instance, present a single-trace attack on the Number Theoretic Transform (NTT), which is at the heart of many efficient lattice-based schemes.
They, however, attack a variable-time implementation and also require a rather powerful side-channel adversary capable of creating close to a million multivariate templates. Thus, it was an open question if such an attack can be made practical while also targeting state-of-the-art constant-time implementations.
In this paper, we answer this question positively. First, we introduce several improvements to the usage of belief propagation, which underlies the attack. And second, we change the target to encryption instead of decryption; this limits attacks to the recovery of the transmitted symmetric key, but in turn, increases attack performance. All this then allows successful attacks even when switching to univariate Hamming-weight templates. We evaluate the performance and noise resistance of our attack using simulations, but also target a real device. Concretely, we successfully attack an assembly-optimized constant-time Kyber implementation running on an ARM Cortex M4 microcontroller while requiring the construction of only 213 templates.
Field | Value |
---|---|
Original language | English |
Title of host publication | Progress in Cryptology – LATINCRYPT 2019 |
Subtitle of host publication | 6th International Conference on Cryptology and Information Security in Latin America, Santiago de Chile, Chile, October 2–4, 2019, Proceedings |
Publisher | Springer |
ISBN (Electronic) | 1611-3349 |
ISBN (Print) | 978-3-030-30529-1 |
Publication status | Published - 2019 |
Event | Latincrypt 2019, Santiago de Chile, Chile; 2 Oct 2019 → 4 Oct 2019; https://latincrypt2019.cryptojedi.org/ |
Publication series
Field | Value |
---|---|
Name | Lecture Notes in Computer Science |
Publisher | Springer |
Volume | 11774 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Field | Value |
---|---|
Conference | Latincrypt 2019 |
Country/Territory | Chile |
City | Santiago de Chile |
Period | 2/10/19 → 4/10/19 |
Internet address | https://latincrypt2019.cryptojedi.org/ |
Projects
- Espresso - Scalable hardware-secured authentication and personalization of intelligent sensor nodes; 1/05/18 → 31/10/20 (Project: Research project)
- Dessnet - Dependable, secure and time-aware sensor networks; Mangard, S., Glanzer, C., Görtschacher, L. J., Bösch, W., Grosinger, J., Fischbacher, R. B., Deutschmann, B. & Shetty, D.; 1/06/17 → 31/07/21 (Project: Research project)
Activities
- More Practical Single-Trace Attacks on the Number Theoretic Transform; Peter Peßl (Speaker); 2 Oct 2019 (Activity: Talk or presentation › Talk at conference or symposium › Science to science)