Decision Support System for Finding an Optimal Postquantum Key Encapsulation Mechanism. Part 2. Prototype Evaluation

This is the final part of the series of articles devoted to the development of a decision support system for choosing the optimal post-quantum key encapsulation mechanism. Efficiency of the methodology proposed for choosing the optimal implementation of the post-quantum cryptographic algorithm is evaluated and substantiated. The economic feasibility of approach is shown and its positive impact on the quality of the cryptographic information protection subsystem is demonstrated. Efficiency comparison of the prototype of the decision support system with existing software products aimed at supporting decision-making in the field of information security is carried out. The consistency of prototype’s recommendations with the conclusions of analytical studies in the field of post-quantum cryptography is checked.

A code based hybrid signcryption scheme

A key encapsulation mechanism (KEM) that takes as input an arbitrary string, i.e., a tag, is known as tag-KEM, while a scheme that combines signature and encryption is called signcryption. In this paper, we present a code-based signcryption tag-KEM scheme. We utilize a code-based signature and a CCA2 (adaptive chosen ciphertext attack) secure version of McEliece's {encryption} scheme. The proposed scheme uses an equivalent subcode as a public code for the receiver, making the NP-completeness of the equivalent subcode problem be one of our main security assumptions. We then base the signcryption tag-KEM to design a code-based hybrid signcryption scheme. A hybrid scheme deploys an asymmetric- as well as a symmetric-key encryption. We give security analyses of both our schemes in the standard model and prove that they are secure against IND-CCA2 (indistinguishability under adaptive chosen ciphertext attack) and SUF-CMA (strong existential unforgeability under chosen message attack).

A code based hybrid signcryption scheme

A key encapsulation mechanism (KEM) that takes as input an arbitrary string, i.e., a tag, is known as tag-KEM, while a scheme that combines signature and encryption is called signcryption. In this paper, we present a code-based signcryption tag-KEM scheme. We utilize a code-based signature and a CCA2 (adaptive chosen ciphertext attack) secure version of McEliece's {encryption} scheme. The proposed scheme uses an equivalent subcode as a public code for the receiver, making the NP-completeness of the equivalent subcode problem be one of our main security assumptions. We then base the signcryption tag-KEM to design a code-based hybrid signcryption scheme. A hybrid scheme deploys an asymmetric- as well as a symmetric-key encryption. We give security analyses of both our schemes in the standard model and prove that they are secure against IND-CCA2 (indistinguishability under adaptive chosen ciphertext attack) and SUF-CMA (strong existential unforgeability under chosen message attack).

Polynomial multiplication on embedded vector architectures

High-degree, low-precision polynomial arithmetic is a fundamental computational primitive underlying structured lattice based cryptography. Its algorithmic properties and suitability for implementation on different compute platforms is an active area of research, and this article contributes to this line of work: Firstly, we present memory-efficiency and performance improvements for the Toom-Cook/Karatsuba polynomial multiplication strategy. Secondly, we provide implementations of those improvements on Arm® Cortex®-M4 CPU, as well as the newer Cortex-M55 processor, the first M-profile core implementing the M-profile Vector Extension (MVE), also known as Arm® Helium™ technology. We also implement the Number Theoretic Transform (NTT) on the Cortex-M55 processor. We show that despite being singleissue, in-order and offering only 8 vector registers compared to 32 on A-profile SIMD architectures like Arm® Neon™ technology and the Scalable Vector Extension (SVE), by careful register management and instruction scheduling, we can obtain a 3× to 5× performance improvement over already highly optimized implementations on Cortex-M4, while maintaining a low area and energy profile necessary for use in embedded market. Finally, as a real-world application we integrate our multiplication techniques to post-quantum key-encapsulation mechanism Saber

Curse of Re-encryption: A Generic Power/EM Analysis on Post-Quantum KEMs

This paper presents a side-channel analysis (SCA) on key encapsulation mechanism (KEM) based on the Fujisaki–Okamoto (FO) transformation and its variants. The FO transformation has been widely used in actively securing KEMs from passively secure public key encryption (PKE), as it is employed in most of NIST post-quantum cryptography (PQC) candidates for KEM. The proposed attack exploits side-channel leakage during execution of a pseudorandom function (PRF) or pseudorandom number generator (PRG) in the re-encryption of KEM decapsulation as a plaintext-checking oracle that tells whether the PKE decryption result is equivalent to the reference plaintext. The generality and practicality of the plaintext-checking oracle allow the proposed attack to attain a full-key recovery of various KEMs when an active attack on the underlying PKE is known. This paper demonstrates that the proposed attack can be applied to most NIST PQC third-round KEM candidates, namely, Kyber, Saber, FrodoKEM, NTRU, NTRU Prime, HQC, BIKE, and SIKE (for BIKE, the proposed attack achieves a partial key recovery). The applicability to Classic McEliece is unclear because there is no known active attack on this cryptosystem. This paper also presents a side-channel distinguisher design based on deep learning (DL) for mounting the proposed attack on practical implementation without the use of a profiling device. The feasibility of the proposed attack is evaluated through experimental attacks on various PRF implementations (a SHAKE software, an AES software, an AES hardware, a bit-sliced masked AES software, and a masked AES hardware based on threshold implementation). Although it is difficult to implement the oracle using the leakage from the TI-based masked hardware, the success of the proposed attack against these implementations (even except for the masked hardware), which include masked software, confirms its practicality.

Racing BIKE: Improved Polynomial Multiplication and Inversion in Hardware

BIKE is a Key Encapsulation Mechanism selected as an alternate candidate in NIST’s PQC standardization process, in which performance plays a significant role in the third round. This paper presents FPGA implementations of BIKE with the best area-time performance reported in literature. We optimize two key arithmetic operations, which are the sparse polynomial multiplication and the polynomial inversion. Our sparse multiplier achieves time-constancy for sparse polynomials of indefinite Hamming weight used in BIKE’s encapsulation. The polynomial inversion is based on the extended Euclidean algorithm, which is unprecedented in current BIKE implementations. Our optimized design results in a 5.5 times faster key generation compared to previous implementations based on Fermat’s little theorem.Besides the arithmetic optimizations, we present a united hardware design of BIKE with shared resources and shared sub-modules among KEM functionalities. On Xilinx Artix-7 FPGAs, our light-weight implementation consumes only 3 777 slices and performs a key generation, encapsulation, and decapsulation in 3 797 μs, 443 μs, and 6 896 μs, respectively. Our high-speed design requires 7 332 slices and performs the three KEM operations in 1 672 μs, 132 μs, and 1 892 μs, respectively.

A Constant-time AVX2 Implementation of a Variant of ROLLO

This paper introduces a key encapsulation mechanism ROLLO+ and presents a constant-time AVX2 implementation of it. ROLLO+ is a variant of ROLLO-I targeting IND-CPA security. The main difference between ROLLO+ and ROLLO-I is that the decoding algorithm of ROLLO+ is adapted from the decoding algorithm of ROLLO-I. Our implementation of ROLLO+-I-128, one of the level-1 parameter sets of ROLLO+, takes 851823 Skylake cycles for key generation, 30361 Skylake cycles for encapsulation, and 673666 Skylake cycles for decapsulation. Compared to the state-of-the-art implementation of ROLLO-I-128 by Aguilar-Melchor et al., which is claimed to be constant-time but actually is not, our implementation achieves a 12.9x speedup for key generation, a 10.6x speedup for encapsulation, and a 14.5x speedup for decapsulation. Compared to the state-of-the-art implementation of the level-1 parameter set of BIKE by Chen, Chou, and Krausz, our key generation time is 1.4x as slow, but our encapsulation time is 3.8x as fast, and our decapsulation time is 2.4x as fast.

Hardware Performance Counters: Ready-Made vs Tailor-Made

Micro-architectural footprints can be used to distinguish one application from another. Most modern processors feature hardware performance counters to monitor the various micro-architectural events when an application is executing. These ready-made hardware performance counters can be used to create program fingerprints and have been shown to successfully differentiate between individual applications. In this paper, we demonstrate how ready-made hardware performance counters, due to their coarse-grain nature (low sampling rate and bundling of similar events, e.g., number of instructions instead of number of add instructions), are insufficient to this end. This observation motivates exploration of tailor-made hardware performance counters to capture fine-grain characteristics of the programs. As a case study, we evaluate both ready-made and tailor-made hardware performance counters using post-quantum cryptographic key encapsulation mechanism implementations. Machine learning models trained on tailor-made hardwareperformance counter streams demonstrate that they can uniquely identify the behavior of every post-quantum cryptographic key encapsulation mechanism algorithm with at least 98.99% accuracy.

Timing Analysis of Algorithm Substitution Attacks in a Post-Quantum TLS Protocol

Snowden's revelations about mass surveillance brought to public attention devastating attacks on cryptographic algorithm implementations. One of the most prominent subsets of these attacks is called Algorithm Substitution Attacks (ASA), where a subverted implementation leaks sensitive information. Recently, it has been proposed to modify TLS implementations to use Post-Quantum Cryptography (PQC). In this paper, we propose and analyze ASA in two PQC schemes that can be used in TLS. We attacked the Kyber Key Encapsulation Mechanism (KEM) and Falcon Signature and successfully deployed them in a TLS implementation. Results show that timing analysis can distinguish our Falcon subversion, but it is not enough to detect our attacks deployed in TLS.