More Practical Single-Trace Attacks on the Number Theoretic Transform

Peter Peßl, Robert Primas

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

Single-trace side-channel attacks are a considerable threat to implementations of classic public-key schemes. For lattice-based cryptography, however, this class of attacks is much less understood, and only a small number of previous works show attacks. Primas et al., for instance, present a single-trace attack on the Number Theoretic Transform (NTT), which is at the heart of many efficient lattice-based schemes.
They, however, attack a variable-time implementation and also require a rather powerful side-channel adversary capable of creating close to a million multivariate templates. Thus, it was an open question if such an attack can be made practical while also targeting state-of-the-art constant-time implementations.
In this paper, we answer this question positively. First, we introduce several improvements to the usage of belief propagation, which underlies the attack. And second, we change the target to encryption instead of decryption; this limits attacks to the recovery of the transmitted symmetric key, but in turn, increases attack performance. All this then allows successful attacks even when switching to univariate Hamming-weight templates. We evaluate the performance and noise resistance of our attack using simulations, but also target a real device. Concretely, we successfully attack an assembly-optimized constant-time Kyber implementation running on an ARM Cortex M4 microcontroller while requiring the construction of only 213 templates.
Original languageEnglish
Title of host publicationProgress in Cryptology – LATINCRYPT 2019
Subtitle of host publication6th International Conference on Cryptology and Information Security in Latin America, Santiago de Chile, Chile, October 2–4, 2019, Proceedings
PublisherSpringer
ISBN (Electronic)1611-3349
ISBN (Print)978-3-030-30529-1
Publication statusPublished - 2019
EventLatincrypt 2019 - Santiago de Chile, Chile
Duration: 2 Oct 20194 Oct 2019
https://latincrypt2019.cryptojedi.org/

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume11774
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceLatincrypt 2019
Country/TerritoryChile
CitySantiago de Chile
Period2/10/194/10/19
Internet address

Fingerprint

Dive into the research topics of 'More Practical Single-Trace Attacks on the Number Theoretic Transform'. Together they form a unique fingerprint.

Cite this