scholarly journals A Comprehensive Study of the Key Enumeration Problem

Entropy ◽  
2019 ◽  
Vol 21 (10) ◽  
pp. 972 ◽  
Author(s):  
Ricardo Villanueva-Polanco
Keyword(s):  
Main Memory ◽  
Side Channel ◽  
Secret Key ◽  
Side Channel Attack ◽  
Enumeration Algorithm ◽  
Key Recovery ◽  
Recovery Algorithm ◽  
Enumeration Problem ◽  
Enumeration Algorithms ◽  
Recovery Problem

In this paper, we will study the key enumeration problem, which is connected to the key recovery problem posed in the cold boot attack setting. In this setting, an attacker with physical access to a computer may obtain noisy data of a cryptographic secret key of a cryptographic scheme from main memory via this data remanence attack. Therefore, the attacker would need a key-recovery algorithm to reconstruct the secret key from its noisy version. We will first describe this attack setting and then pose the problem of key recovery in a general way and establish a connection between the key recovery problem and the key enumeration problem. The latter problem has already been studied in the side-channel attack literature, where, for example, the attacker might procure scoring information for each byte of an Advanced Encryption Standard (AES) key from a side-channel attack and then want to efficiently enumerate and test a large number of complete 16-byte candidates until the correct key is found. After establishing such a connection between the key recovery problem and the key enumeration problem, we will present a comprehensive review of the most outstanding key enumeration algorithms to tackle the latter problem, for example, an optimal key enumeration algorithm (OKEA) and several nonoptimal key enumeration algorithms. Also, we will propose variants to some of them and make a comparison of them, highlighting their strengths and weaknesses.

scholarly journals A Side-Channel Attack on a Masked IND-CCA Secure Saber KEM Implementation

2021 ◽  
pp. 676-707
Author(s):  
Kalle Ngo ◽  
Elena Dubrova ◽  
Qian Guo ◽  
Thomas Johansson
Keyword(s):  
Error Correcting Codes ◽  
Side Channel ◽  
Secret Key ◽  
Side Channel Attack ◽  
Order Model ◽  
Session Key ◽  
Key Recovery ◽  
Message Recovery ◽  
Recovery Approach

In this paper, we present a side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network created at the profiling stage. The proposed message recovery approach learns a higher-order model directly, without explicitly extracting random masks at each execution. This eliminates the need for a fully controllable profiling device which is required in previous attacks on masked implementations of LWE/LWR-based PKEs/KEMs. We also present a new secret key recovery approach based on maps from error-correcting codes that can compensate for some errors in the recovered message. In addition, we discovered a previously unknown leakage point in the primitive for masked logical shifting on arithmetic shares.

scholarly journals Cold Boot Attacks on the Supersingular Isogeny Key Encapsulation (SIKE) Mechanism

2020 ◽  
Vol 11 (1) ◽  
pp. 193
Author(s):  
Ricardo Villanueva-Polanco ◽  
Eduardo Angulo-Madrid
Keyword(s):  
Success Rates ◽  
Secret Key ◽  
Enumeration Algorithm ◽  
Key Recovery ◽  
Recovery Algorithm ◽  
Key Encapsulation Mechanism ◽  
Standardization Process ◽  
Overall Performance ◽  
Post Quantum Cryptography ◽  
First Time

This research paper evaluates the feasibility of cold boot attacks on the Supersingular Isogeny Key Encapsulation (SIKE) mechanism. This key encapsulation mechanism has been included in the list of alternate candidates of the third round of the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography Standardization Process. To the best of our knowledge, this is the first time this scheme is assessed in the cold boot attacks setting. In particular, our evaluation is focused on the reference implementation of this scheme. Furthermore, we present a dedicated key-recovery algorithm for SIKE in this setting and show that the key recovery algorithm works for all the parameter sets recommended for this scheme. Moreover, we compute the success rates of our key recovery algorithm through simulations and show the key recovery algorithm may reconstruct the SIKE secret key for any SIKE parameters for a fixed and small α=0.001 (the probability of a 0 to 1 bit-flipping) and varying values for β (the probability of a 1 to 0 bit-flipping) in the set {0.001,0.01,…,0.1}. Additionally, we show how to integrate a quantum key enumeration algorithm with our key-recovery algorithm to improve its overall performance.

scholarly journals Cold Boot Attacks on LUOV

2020 ◽  
Vol 10 (12) ◽  
pp. 4106 ◽  
Author(s):  
Ricardo Villanueva-Polanco
Keyword(s):  
Key Generation ◽  
Secret Key ◽  
Cryptographic Primitives ◽  
Key Recovery ◽  
Recovery Algorithm ◽  
Private Key ◽  
Research Article ◽  
The Family ◽  
And Performance ◽  
First Time

This research article assesses the feasibility of cold boot attacks on the lifted unbalanced oil and Vinegar (LUOV) scheme, a variant of the UOV signature scheme. This scheme is a member of the family of asymmetric cryptographic primitives based on multivariable polynomials over a finite field K and has been submitted as candidate to the ongoing National Institute of Standards and Technology (NIST) standardisation process of post-quantum signature schemes. To the best of our knowledge, this is the first time that this scheme is evaluated in this setting. To perform our assessment of the scheme in this setting, we review two implementations of this scheme, the reference implementation and the libpqcrypto implementation, to learn the most common in-memory private key formats and next develop a key recovery algorithm exploiting the structure of this scheme. Since the LUOV’s key generation algorithm generates its private components and public components from a 256-bit seed, the key recovery algorithm works for all the parameter sets recommended for this scheme. Additionally, we tested the effectiveness and performance of the key recovery algorithm through simulations and found the key recovery algorithm may retrieve the private seed when α = 0.001 (probability that a 0 bit of the original secret key will flip to a 1 bit) and β (probability that a 1 bit of the original private key will flip to a 0 bit) in the range { 0.001 , 0.01 , 0.02 , … , 0.15 } by enumerating approximately 2 40 candidates.

scholarly journals Comprehensive Study of Side-Channel Attack on Emerging Non-Volatile Memories

2021 ◽  
Vol 11 (4) ◽  
pp. 38
Author(s):  
Mohammad Nasim Imtiaz Khan ◽  
Shivam Bhasin ◽  
Bo Liu ◽  
Alex Yuan ◽  
Anupam Chattopadhyay ◽  
...  
Keyword(s):  
High Performance ◽  
Spin Transfer Torque ◽  
Spin Transfer ◽  
Side Channel ◽  
Secret Key ◽  
Side Channel Attack ◽  
Static Power ◽  
High Scalability ◽  
Power Operation ◽  
Comprehensive Study

Emerging Non-Volatile Memories (NVMs) such as Magnetic RAM (MRAM), Spin-Transfer Torque RAM (STTRAM), Phase Change Memory (PCM) and Resistive RAM (RRAM) are very promising due to their low (static) power operation, high scalability and high performance. However, these memories bring new threats to data security. In this paper, we investigate their vulnerability against Side Channel Attack (SCA). We assume that the adversary can monitor the supply current of the memory array consumed during read/write operations and recover the secret key of Advanced Encryption Standard (AES) execution. First, we show our analysis of simulation results. Then, we use commercial NVM chips to validate the analysis. We also investigate the effectiveness of encoding against SCA on emerging NVMs. Finally, we summarize two new flavors of NVMs that can be resilient against SCA. To the best of our knowledge, this is the first attempt to do a comprehensive study of SCA vulnerability of the majority of emerging NVM-based cache.

scholarly journals Charge Based Power Side-Channel Attack Methodology for an Adiabatic Cipher

Electronics ◽  
2021 ◽  
Vol 10 (12) ◽  
pp. 1438
Author(s):  
Krithika Dhananjay ◽  
Emre Salman
Keyword(s):  
Power Analysis ◽  
Block Cipher ◽  
Side Channel ◽  
Secret Key ◽  
Side Channel Attack ◽  
Ultra Low Power ◽  
Target Signal ◽  
Adiabatic Circuit ◽  
A Charge ◽  
The Internet Of Things

SIMON is a block cipher developed to provide flexible security options for lightweight hardware applications such as the Internet-of-things (IoT). Safeguarding such resource-constrained hardware from side-channel attacks poses a significant challenge. Adiabatic circuit operation has recently received attention for such applications due to ultra-low power consumption. In this work, a charge-based methodology is developed to mount a correlation power analysis (CPA) based side-channel attack to an adiabatic SIMON core. The charge-based method significantly reduces the attack complexity by reducing the required number of power samples by two orders of magnitude. The CPA results demonstrate that the required measurements-to-disclosure (MTD) to retrieve the secret key of an adiabatic SIMON core is 4× higher compared to a conventional static CMOS based implementation. The effect of increase in the target signal load capacitance on the MTD is also investigated. It is observed that the MTD can be reduced by half if the load driven by the target signal is increased by 2× for an adiabatic SIMON, and by 5× for a static CMOS based SIMON. This sensitivity to target signal capacitance of the adiabatic SIMON can pose a serious concern by facilitating a more efficient CPA attack.

scholarly journals Side-Channel Attacks on Post-Quantum Signature Schemes based on Multivariate Quadratic Equations

2018 ◽  
pp. 500-523 ◽  
Author(s):  
Aesun Park ◽  
Kyung-Ah Shim ◽  
Namhun Koo ◽  
Dong-Guk Han
Keyword(s):  
Simple Structure ◽  
Single Layer ◽  
Quantum Signature ◽  
Side Channel ◽  
Secret Key ◽  
Key Recovery ◽  
Signature Schemes ◽  
Quadratic Equations ◽  
Affine Maps ◽  
Equivalent Keys

In this paper, we investigate the security of Rainbow and Unbalanced Oil-and-Vinegar (UOV) signature schemes based on multivariate quadratic equations, which is one of the most promising alternatives for post-quantum signature schemes, against side-channel attacks. We describe correlation power analysis (CPA) on the schemes that yield full secret key recoveries. First, we identify a secret leakage of secret affine maps S and T during matrix-vector products in signing when Rainbow is implemented with equivalent keys rather than random affine maps for optimal implementations. In this case, the simple structure of the equivalent keys leads to the retrieval of the entire secret affine map T. Next, we extend the full secret key recovery to the general case using random affine maps via a hybrid attack: after recovering S by performing CPA, we recover T by mounting algebraic key recovery attacks. We demonstrate how this leakage on Rainbow can be practically exploited on an 8-bit AVR microcontroller using CPA. Consequently, our CPA can be applied to Rainbow-like multi-layered schemes regardless of the use of the simple-structured equivalent keys and UOV-like single layer schemes with the implementations using the equivalent keys of the simple structure. This is the first result on the security of multivariate quadratic equations-based signature schemes using only CPA. Our result can be applied to Rainbow-like multi-layered schemes and UOV-like single layer schemes submitted to NIST for Post-Quantum Cryptography Standardization.

scholarly journals Practical Analysis of Sending or Not-Sending Twin-Field Quantum Key Distribution with Frequency Side Channels

2021 ◽  
Vol 11 (20) ◽  
pp. 9560
Author(s):  
Yi-Fei Lu ◽  
Mu-Sheng Jiang ◽  
Yang Wang ◽  
Xiao-Xu Zhang ◽  
Fan Liu ◽  
...  
Keyword(s):  
Quantum Key Distribution ◽  
Key Distribution ◽  
Practical Implementation ◽  
Side Channel ◽  
Secret Key ◽  
Side Channel Attack ◽  
Long Distance ◽  
Side Channels ◽  
The Subject ◽  
Distance Limit

The twin-field quantum key distribution (TF-QKD) and its variants can overcome the fundamental rate-distance limit of QKD. However, their physical implementations with the side channels remain the subject of further research. We test the side channel of a type of external intensity modulation that applies a Mach–Zehnder-type electro-optical intensity modulator, which shows the distinguishability of the signal and decoy states in the frequency domain. Based on this security loophole, we propose a side-channel attack, named the passive frequency-shift attack, on the imperfect implementation of the sending or not-sending (SNS) TF-QKD protocol. We analyze the performance of the SNS protocol with the actively odd-parity pairing (AOPP) method under the side-channel attack by giving the formula of the upper bound of the real secret key rate and comparing it with the lower bound of the secret key rate under Alice and Bob’s estimation. The simulation results quantitatively show the effectiveness of the attack on the imperfect devices at a long distance. Our results emphasize the importance of practical security at the light source and might provide a valuable reference for device selection in the practical implementation of the SNS protocol.

scholarly journals Security against Timing Analysis Attack

2015 ◽  
Vol 5 (4) ◽  
pp. 759
Author(s):  
Deevi Radha Rani ◽  
S Venkateswarlu
Keyword(s):  
Experimental Test ◽  
Timing Analysis ◽  
Critical Issue ◽  
Side Channel ◽  
Hamming Weight ◽  
Test Bed ◽  
Side Channel Attack ◽  
Key Recovery ◽  
Recovery Method ◽  
Timing Attack

Timing attack is the type of side-channel attack involves the time taken to complete critical operations. Securing crypto processor from timing attack is critical issue. This paper implements the Bernstein’s Timing Attack and timing attack based on hamming weight. The countermeasures of Bernstein’s Timing attack are implemented in our experimental test bed and their performance is compared.  This paper also proposes the key recovery method based on timing attack using hamming weight of the key.

scholarly journals Aggregation-Based Tag Deduplication for Cloud Storage with Resistance against Side Channel Attack

2021 ◽  
Vol 2021 ◽  
pp. 1-15
Author(s):  
Xin Tang ◽  
Linna Zhou ◽  
Bingwei Hu ◽  
Haowen Wu
Keyword(s):  
Cloud Storage ◽  
Security Analysis ◽  
Third Party ◽  
Side Channel ◽  
Secret Key ◽  
Side Channel Attack ◽  
Lagrangian Interpolation ◽  
Public Auditability ◽  
Cloud Users ◽  
Public Verification

Tag deduplication is an emerging technique to eliminate redundancy in cloud storage, which works by signing integrity tags with a content-associated key instead of user-associated secret key. To achieve public auditability in this scenario, the linkage between cloud users and their integrity tags is firstly re-established in current solutions, which provides a potential side channel to malicious third-party auditor to steal the existence privacy of a certain target file. Such kind of attack, which is also possible among classic public auditing schemes, still cannot be well resisted and is now becoming a big obstacle in using this technique. In this paper, we propose a secure aggregation-based tag deduplication scheme (ATDS), which takes the lead to consider resistance against side channel attack during the process of public verification. To deal with this problem, we define a user-associated integrity tag based on the defined content-associated polynomial and devise a Lagrangian interpolation-based aggregation strategy to achieve tag deduplication. With the help of this technique, content-associated public key is able to be utilized instead of a user-associated one to achieve auditing. Once the verification is passed, the TPA is just only able to make sure that the verified data are correctly corresponding to at least a group of users in cloud storage, rather than determining specific owners. The security analysis and experiment results show that the proposed scheme is able to resist side channel attack and is more efficient compared with the state of the art.

Sign in / Sign up

Export Citation Format

Share Document