scholarly journals Single Trace Attack Against RSA Key Generation in Intel SGX SSL

2018 ◽  
Author(s):  
Samuel Weiser ◽  
Raphael Spreitzer ◽  
Lukas Bodner
Keyword(s):  
Key Generation ◽  
Single Trace

scholarly journals Power Analysis on NTRU Prime

2019 ◽  
pp. 123-151
Author(s):  
Wei-Lun Huang ◽  
Jiun-Peng Chen ◽  
Bo-Yin Yang
Keyword(s):  
Power Analysis ◽  
A Priori ◽  
Key Generation ◽  
Scanning Method ◽  
Generic Polynomial ◽  
Small Set ◽  
Correlation Power Analysis ◽  
The One ◽  
Template Attacks ◽  
Single Trace

This paper applies a variety of power analysis techniques to several implementations of NTRU Prime, a Round 2 submission to the NIST PQC Standardization Project. The techniques include vertical correlation power analysis, horizontal indepth correlation power analysis, online template attacks, and chosen-input simple power analysis. The implementations include the reference one, the one optimized using smladx, and three protected ones. Adversaries in this study can fully recover private keys with one single trace of short observation span, with few template traces from a fully controlled device similar to the target and no a priori power model, or sometimes even with the naked eye. The techniques target the constant-time generic polynomial multiplications in the product scanning method. Though in this work they focus on the decapsulation, they also work on the key generation and encapsulation of NTRU Prime. Moreover, they apply to the ideal-lattice-based cryptosystems where each private-key coefficient comes from a small set of possibilities.

scholarly journals Single Trace Analysis on Constant Time CDT Sampler and Its Countermeasure

2018 ◽  
Vol 8 (10) ◽  
pp. 1809 ◽  
Author(s):  
Suhri Kim ◽  
Seokhie Hong
Keyword(s):  
Gaussian Elimination ◽  
Cumulative Distribution ◽  
Constant Time ◽  
Key Generation ◽  
Secret Key ◽  
Secret Keys ◽  
Open Issue ◽  
Single Trace ◽  
Lattice Based Cryptography ◽  
Timing Attacks

The Gaussian sampler is an integral part in lattice-based cryptography as it has a direct connection to security and efficiency. Although it is theoretically secure to use the Gaussian sampler, the security of its implementation is an open issue. Therefore, researchers have started to investigate the security of the Gaussian sampler against side-channel attacks. Since the performance of the Gaussian sampler directly affects the performance of the overall cryptosystem, countermeasures considering only timing attacks are applied in the literature. In this paper, we propose the first single trace power analysis attack on a constant-time cumulative distribution table (CDT) sampler used in lattice-based cryptosystems. From our analysis, we were able to recover every sampled value in the key generation stage, so that the secret key is recovered by the Gaussian elimination. By applying our attack to the candidates submitted to the National Institute of Standards and Technology (NIST), we were able to recover over 99% of the secret keys. Additionally, we propose a countermeasure based on a look-up table. To validate the efficiency of our countermeasure, we implemented it in Lizard and measure its performance. We demonstrated that the proposed countermeasure does not degrade the performance.

scholarly journals Cache-Timing Attacks on RSA Key Generation

2019 ◽  
pp. 213-242 ◽  
Author(s):  
Alejandro Cabrera Aldaya ◽  
Cesar Pereida García ◽  
Luis Manuel Alvarez Tapia ◽  
Billy Bob Brumley
Keyword(s):  
Constant Time ◽  
Key Generation ◽  
Limited Information ◽  
Key Recovery ◽  
Lattice Problem ◽  
Timing Attack ◽  
Problem Instances ◽  
Single Trace ◽  
Bulk Processing ◽  
Trace Cache

During the last decade, constant-time cryptographic software has quickly transitioned from an academic construct to a concrete security requirement for real-world libraries. Most of OpenSSL’s constant-time code paths are driven by cryptosystem implementations enabling a dedicated flag at runtime. This process is perilous, with several examples emerging in the past few years of the flag either not being set or software defects directly mishandling the flag. In this work, we propose a methodology to analyze security-critical software for side-channel insecure code path traversal. Applying our methodology to OpenSSL, we identify three new code paths during RSA key generation that potentially leak critical algorithm state. Exploiting one of these leaks, we design, implement, and mount a single trace cache-timing attack on the GCD computation step. We overcome several hurdles in the process, including but not limited to: (1) granularity issues due to word-size operands to the GCD function; (2) bulk processing of desynchronized trace data; (3) non-trivial error rate during information extraction; and (4) limited high-confidence information on the modulus factors. Formulating lattice problem instances after obtaining and processing this limited information, our attack achieves roughly a 27% success rate for key recovery using the empirical data from 10K trials.

An Efficient Key Generation of ZHFE Public Key Cryptosystem

2018 ◽  
Vol E101.A (1) ◽  
pp. 29-38
Author(s):  
Yasuhiko IKEMATSU ◽  
Dung Hoang DUONG ◽  
Albrecht PETZOLDT ◽  
Tsuyoshi TAKAGI
Keyword(s):  
Public Key ◽  
Public Key Cryptosystem ◽  
Key Generation
Sign in / Sign up

Export Citation Format

Share Document