scholarly journals Generic Side-channel attacks on CCA-secure lattice-based PKE and KEMs

2020 ◽  
pp. 307-335 ◽  
Author(s):  
Prasanna Ravi ◽  
Sujoy Sinha Roy ◽  
Anupam Chattopadhyay ◽  
Shivam Bhasin
Keyword(s):  
Experimental Validation ◽  
Error Correcting Codes ◽  
Public Key ◽  
Side Channel ◽  
Public Key Encryption ◽  
Side Channel Attacks ◽  
Key Recovery ◽  
Binary Information ◽  
Channel Information ◽  
Standardization Process

In this work, we demonstrate generic and practical EM side-channel assisted chosen ciphertext attacks over multiple LWE/LWR-based Public Key Encryption (PKE) and Key Encapsulation Mechanisms (KEM) secure in the chosen ciphertext model (IND-CCA security). We show that the EM side-channel information can be efficiently utilized to instantiate a plaintext checking oracle, which provides binary information about the output of decryption, typically concealed within IND-CCA secure PKE/KEMs, thereby enabling our attacks. Firstly, we identified EM-based side-channel vulnerabilities in the error correcting codes (ECC) enabling us to distinguish based on the value/validity of decrypted codewords. We also identified similar vulnerabilities in the Fujisaki-Okamoto transform which leaks information about decrypted messages applicable to schemes that do not use ECC. We subsequently exploit these vulnerabilities to demonstrate practical attacks applicable to six CCA-secure lattice-based PKE/KEMs competing in the second round of the NIST standardization process. We perform experimental validation of our attacks on implementations taken from the open-source pqm4 library, running on the ARM Cortex-M4 microcontroller. Our attacks lead to complete key-recovery in a matter of minutes on all the targeted schemes, thus showing the effectiveness of our attack.

Public-key encryption for protecting data in cloud system with intelligent agents against side-channel attacks

2015 ◽  
Vol 20 (12) ◽  
pp. 4919-4932 ◽  
Author(s):  
Chengyu Hu ◽  
Pengtao Liu ◽  
Yongbin Zhou ◽  
Shanqing Guo ◽  
Yilei Wang ◽  
...  
Keyword(s):  
Intelligent Agents ◽  
Public Key ◽  
Cloud System ◽  
Side Channel ◽  
Public Key Encryption ◽  
Side Channel Attacks

An Improved Montgomery Window Algorithm on Modular Exponentiation Secure against Side Channel Attacks

2013 ◽  
Vol 392 ◽  
pp. 862-866
Author(s):  
Mu Han ◽  
Jia Zhao ◽  
Shi Dian Ma
Keyword(s):  
Public Key Cryptography ◽  
Public Key ◽  
Side Channel ◽  
Modular Exponentiation ◽  
Side Channel Attacks ◽  
The Core

As one of the core algorithms in most public key cryptography, modular exponentiation has a flaw of its efficiency, which often uses the Montgomerys algorithm to realize the fast operation. But the Montgomerys algorithm has the issue of side channel leakage from the final conditional subtraction. Aiming at this problem, this paper presents an improved fast Montgomery window algorithm. The new algorithm generates the remainder table with odd power to reduce the amount of pre-computation, and combines with the improved Montgomerys algorithm to realize modular exponentiation, which can accelerate the speed and reduce the side channel leakage. The new algorithm cant only thwart side channel attacks, but also improve the efficiency.

Cryptanalysis of Cramer-Shoup Like Cryptosystems Based on Index Exchangeable Family

2021 ◽  
pp. 1-19
Author(s):  
Jinhui liu ◽  
Yong Yu ◽  
Bo Yang ◽  
Jianwei Jia ◽  
Qiqi Lai
Keyword(s):  
Linear Equation ◽  
Linear Group ◽  
Personal Computer ◽  
Public Key ◽  
Encryption Scheme ◽  
Public Key Encryption ◽  
Key Recovery ◽  
Encryption And Decryption ◽  
Key Recovery Attack

The Cramer-Shoup (CS) like cryptosystem based on index exchangeable family (IEF) construction is a novel scheme introduced in Asiaccs 2016 by Li et al.. Its versatility was illustrated by building two public key encryption (PKE) schemes, a cramer-shoup encryption scheme based on IEFs, as well as an outsourcing technique based on non-abelian analog. However, the two schemes are not secure over the recommended linear group of Li et al. For them, we provide a new key-recovery attack by solving a linear equation respectively. Furthermore, we peel off complex encryption and decryption processes and propose more than three different attack methods. Finally, we give a corresponding example to illustrate the correctness of our attack methods. Our attack methods break an instance of claiming 80 bit security less than one minute under a personal computer.

scholarly journals Lattice-Based Linearly Homomorphic Signature Scheme over F 2

2020 ◽  
Vol 2020 ◽  
pp. 1-7
Author(s):  
Jie Cai ◽  
Han Jiang ◽  
Hao Wang ◽  
Qiuliang Xu
Keyword(s):  
Public Key ◽  
Side Channel ◽  
Signature Scheme ◽  
Side Channel Attacks ◽  
Sampling Function ◽  
Uniform Sampling ◽  
Restricted Condition ◽  
Gaussian Sampling

In this paper, we design a new lattice-based linearly homomorphic signature scheme over F 2 . The existing schemes are all constructed based on hash-and-sign lattice-based signature framework, where the implementation of preimage sampling function is Gaussian sampling, and the use of trapdoor basis needs a larger dimension m ≥ 5 n   log   q . Hence, they cannot resist potential side-channel attacks and have larger sizes of public key and signature. Under Fiat–Shamir with aborting signature framework and general SIS problem restricted condition m ≥ n   log   q , we use uniform sampling of filtering technology to design the scheme, and then, our scheme has a smaller public key size and signature size than the existing schemes and it can resist side-channel attacks.

scholarly journals Will You Cross the Threshold for Me?

2021 ◽  
pp. 722-761
Author(s):  
Prasanna Ravi ◽  
Martianus Frederic Ezerman ◽  
Shivam Bhasin ◽  
Anupam Chattopadhyay ◽  
Sujoy Sinha Roy
Keyword(s):  
Experimental Validation ◽  
Side Channel ◽  
Secret Key ◽  
Intermediate Variable ◽  
Side Channels ◽  
Different Types ◽  
Protection Strategies ◽  
Standardization Process ◽  
Post Quantum Cryptography ◽  
Decryption Oracle

In this work, we propose generic and novel side-channel assisted chosenciphertext attacks on NTRU-based key encapsulation mechanisms (KEMs). These KEMs are IND-CCA secure, that is, they are secure in the chosen-ciphertext model. Our attacks involve the construction of malformed ciphertexts. When decapsulated by the target device, these ciphertexts ensure that a targeted intermediate variable becomes very closely related to the secret key. An attacker, who can obtain information about the secret-dependent variable through side-channels, can subsequently recover the full secret key. We propose several novel CCAs which can be carried through by using side-channel leakage from the decapsulation procedure. The attacks instantiate three different types of oracles, namely a plaintext-checking oracle, a decryptionfailure oracle, and a full-decryption oracle, and are applicable to two NTRU-based schemes, which are NTRU and NTRU Prime. The two schemes are candidates in the ongoing NIST standardization process for post-quantum cryptography. We perform experimental validation of the attacks on optimized and unprotected implementations of NTRU-based schemes, taken from the open-source pqm4 library, using the EM-based side-channel on the 32-bit ARM Cortex-M4 microcontroller. All of our proposed attacks are capable of recovering the full secret key in only a few thousand chosen ciphertext queries on all parameter sets of NTRU and NTRU Prime. Our attacks, therefore, stress on the need for concrete side-channel protection strategies for NTRUbased KEMs.

scholarly journals How to Construct Polar Codes for Ring-LWE-Based Public Key Encryption

Entropy ◽  
2021 ◽  
Vol 23 (8) ◽  
pp. 938
Author(s):  
Jiabo Wang ◽  
Cong Ling
Keyword(s):  
Communication Systems ◽  
Error Term ◽  
Error Correcting Code ◽  
Error Correcting Codes ◽  
Communication Strategy ◽  
Public Key ◽  
Channel Noise ◽  
Polar Codes ◽  
Public Key Encryption ◽  
Safety Considerations

There exists a natural trade-off in public key encryption (PKE) schemes based on ring learning with errors (RLWE), namely: we would like a wider error distribution to increase the security, but it comes at the cost of an increased decryption failure rate (DFR). A straightforward solution to this problem is the error-correcting code, which is commonly used in communication systems and already appears in some RLWE-based proposals. However, applying error-correcting codes to those cryptographic schemes is far from simply installing an add-on. Firstly, the residue error term derived by decryption has correlated coefficients, whereas most prevalent error-correcting codes with remarkable error tolerance assume the channel noise to be independent and memoryless. This explains why only simple error-correcting methods are used in existing RLWE-based PKE schemes. Secondly, the residue error term has correlated coefficients leaving accurate DFR estimation challenging even for uncoded plaintext. It can be found in the literature that a tighter DFR estimation can effectively create a DFR margin. Thirdly, most error-correcting codes are not well designed for safety considerations, e.g., syndrome decoding has a nonconstant time nature. A code good at error correcting might be weak under a variety of attacks. In this work, we propose a polar coding scheme for RLWE-based PKE. A relaxed “independence” assumption is used to derive an uncorrelated residue noise term, and a wireless communication strategy, outage, is used to construct polar codes. Furthermore, some knowledge about the residue noise is exploited to improve the decoding performance. With the parameterization of NewHope Round 2, the proposed scheme creates a considerable DRF margin, which gives a competitive security improvement compared to state-of-the-art benchmarks. Specifically, the security is improved by 28.8%, while a DFR of 2−149 is achieved a for code rate pf 0.25, n=1024,q= 12,289, and binomial parameter k=55. Moreover, polar encoding and decoding have a quasilinear complexity O(Nlog2N) and intrinsically support constant-time implementations.

scholarly journals Attacking and Defending Masked Polynomial Comparison for Lattice-Based Cryptography

2021 ◽  
pp. 334-359
Author(s):  
Shivam Bhasin ◽  
Jan-Pieter D’Anvers ◽  
Daniel Heinz ◽  
Thomas Pöppelmann ◽  
Michiel Van Beirendonck
Keyword(s):  
Information Leakage ◽  
Side Channel ◽  
Side Channel Attacks ◽  
First Order ◽  
Comparison Operation ◽  
Security Properties ◽  
Channel Information ◽  
Comparison Algorithms ◽  
Lattice Based Cryptography ◽  
Do So

In this work, we are concerned with the hardening of post-quantum key encapsulation mechanisms (KEM) against side-channel attacks, with a focus on the comparison operation required for the Fujisaki-Okamoto (FO) transform. We identify critical vulnerabilities in two proposals for masked comparison and successfully attack the masked comparison algorithms from TCHES 2018 and TCHES 2020. To do so, we use first-order side-channel attacks and show that the advertised security properties do not hold. Additionally, we break the higher-order secured masked comparison from TCHES 2020 using a collision attack, which does not require side-channel information. To enable implementers to spot such flaws in the implementation or underlying algorithms, we propose a framework that is designed to test the re-encryption step of the FO transform for information leakage. Our framework relies on a specifically parametrized t-test and would have identified the previously mentioned flaws in the masked comparison. Our framework can be used to test both the comparison itself and the full decapsulation implementation.

scholarly journals Efficiency through Diversity in Ensemble Models applied to Side-Channel Attacks

2021 ◽  
pp. 60-96
Author(s):  
Gabriel Zaid ◽  
Lilian Bossuet ◽  
Amaury Habrard ◽  
Alexandre Venelli
Keyword(s):  
Deep Learning ◽  
Model Performance ◽  
Public Key ◽  
Side Channel ◽  
Ensemble Model ◽  
Secret Key ◽  
Side Channel Attacks ◽  
Ensemble Models ◽  
Remaining Time ◽  
Multiple Scenarios

Deep Learning based Side-Channel Attacks (DL-SCA) are considered as fundamental threats against secure cryptographic implementations. Side-channel attacks aim to recover a secret key using the least number of leakage traces. In DL-SCA, this often translates in having a model with the highest possible accuracy. Increasing an attack’s accuracy is particularly important when an attacker targets public-key cryptographic implementations where the recovery of each secret key bits is directly related to the model’s accuracy. Commonly used in the deep learning field, ensemble models are a well suited method that combine the predictions of multiple models to increase the ensemble accuracy by reducing the correlation between their errors. Linked to this correlation, the diversity is considered as an indicator of the ensemble model performance. In this paper, we propose a new loss, namely Ensembling Loss (EL), that generates an ensemble model which increases the diversity between the members. Based on the mutual information between the ensemble model and its related label, we theoretically demonstrate how the ensemble members interact during the training process. We also study how an attack’s accuracy gain translates to a drastic reduction of the remaining time complexity of a side-channel attacks through multiple scenarios on public-key implementations. Finally, we experimentally evaluate the benefits of our new learning metric on RSA and ECC secure implementations. The Ensembling Loss increases by up to 6.8% the performance of the ensemble model while the remaining brute-force is reduced by up to 222 operations depending on the attack scenario.

Sign in / Sign up

Export Citation Format

Share Document