Zhuang Xu,Owen Pemberton,Sujoy Sinha Roy,David Oswald,Wang Yao,Zhiming Zheng,Owen Michael Pemberton

DOI: https://doi.org/10.1109/tc.2021.3122997

IF: 3.183

2022-01-01

IEEE Transactions on Computers

Abstract:Lattice-based cryptography, as an active branch of post-quantum cryptography (PQC), has drawn great attention from side-channel analysis researchers in recent years. Despite the various side-channel targets examined in previous studies, detail on revealing the secret-dependent information efficiently is less studied. In this paper, we propose adaptive EM side-channel attacks with carefully constructed ciphertexts on Kyber, which is a finalist of NIST PQC standardization project. We demonstrate that specially chosen ciphertexts allow an adversary to modulate the leakage of a target device and enable full key extraction with a small number of traces through simple power analysis. Compared to prior research, our techniques require fewer traces and avoid building complex templates. We practically evaluate our methods using both a reference implementation and the ARM-specific implementation in pqm4 library. For the reference implementation, we target the leakage of the output of the inverse NTT computation and recover the full key with only four traces. For the pqm4 implementation, we develop a message-recovery attack that leads to extraction of the full secret key with between eight and 960 traces, depending on the compiler optimization level. We discuss the relevance of our findings to other lattice-based schemes and explore potential countermeasures.

engineering, electrical & electronic,computer science, hardware & architecture

Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li

DOI: https://doi.org/10.1109/cicc60959.2024.10528999

2024-01-01

Abstract:The migration to post-quantum cryptography (PQC) is accelerating with the release of three drafts of the 2023 PQC federal information processing standard (FIPS), of which Kyber is the only officially selected key encapsulation mechanism (KEM) as Figure 1. However, the migration from traditional cryptography to PQC still faces the following three challenges: 1) The significant increase in key size and encryption/decryption latency leads to performance degradation and resource overhead in existing information devices. Moreover, unauthorized access also raises privacy concerns. 2) More complex calculations and scheduling, as well as potential efficiency issues. 3) The risk of side channel attack (SCA) and the improvement of protection requirements faced by PQC hardware.

Munkhbaatar Chinbat,Liji Wu,Xiangmin Zhang,Altantsooj Batsukh,Yifan Yang,Le Wu

DOI: https://doi.org/10.1109/asid60355.2023.10426450

2023-01-01

Abstract:CRYSTALS-Kyber is a new algorithm that the NIST recently selected to standardize public-key encryption and key establishment. Therefore, studies are needed to evaluate the side-channel attack resistance of CRYSTALS-Kyber implementations. This paper presents a simple power analysis of a CRYSTALS-Kyber hardware implementation with the security parameter k=3. Since hardware implementations perform computations in parallel, the power consumption of each operation is difficult to quantify. The entire power consumption trace was identified using 6,072,500 samples during the CCAKEM implementation of Kyber. A significant part of the message encoding power consumption occurred during decapsulation. These findings show that existing hardware implementations of CRYSTALS-Kyber require effective countermeasures to efficiently resist side-channel attacks.

Prasanna Ravi,Anupam Chattopadhyay,Jan Pieter D’Anvers,Anubhab Baksi

DOI: https://doi.org/10.1145/3603170

2023-06-05

ACM Transactions on Embedded Computing Systems

Abstract:In this work, we present a systematic study of Side-Channel Attacks (SCA) and Fault Injection Attacks (FIA) on structured lattice-based schemes, with main focus on Kyber Key Encapsulation Mechanism (KEM) and Dilithium signature scheme, which are leading candidates in the NIST standardization process for Post-Quantum Cryptography (PQC). Through our study, we attempt to understand the underlying similarities and differences between the existing attacks, while classify them into different categories. Given the wide-variety of reported attacks, simultaneous protection against all the attacks requires to implement customized protections/countermeasures for both Kyber and Dilithium. We therefore present a range of customized countermeasures, capable of providing defences/mitigations against existing SCA/FIA, and incorporate several SCA and FIA countermeasures within a single design of Kyber and Dilithium. Among the several countermeasures discussed in this work, we present novel countermeasures that offer simultaneous protection against several SCA and FIA based chosen-ciphertext attacks for Kyber KEM. We implement the presented countermeasures within two well-known public software libraries for PQC - (1) pqm4 library for the ARM Cortex-M4 based microcontroller and (2) liboqs library for the Raspberry Pi 3 Model B Plus based on the ARM Cortex-A53 processor. Our performance evaluation reveals that the presented custom countermeasures incur reasonable performance overheads, on both the evaluated embedded platforms. We therefore believe our work argues for usage of custom countermeasures within real-world implementations of lattice-based schemes, either in a standalone manner, or as reinforcements to generic countermeasures such as masking.

computer science, software engineering, hardware & architecture

Kexin Qiao,Zhaoyang Wang,Heng Chang,Siwei Sun,Zehan Wu,Junjie Cheng,Changhai Ou,An Wang,Liehuang Zhu

DOI: https://doi.org/10.1007/s11432-024-4150-3

2024-10-26

Science China Information Sciences

Abstract:The implementation security of post-quantum cryptography (PQC) algorithms has emerged as a critical concern with the PQC standardization process reaching its end. In a side-channel-assisted chosen-ciphertext attack, the attacker builds linear inequalities on secret key components and uses the belief propagation (BP) algorithm to solve. The number of inequalities leverages the query complexity of the attack, so the fewer the better. In this paper, we use the PQC standard algorithm CRYSTALS-K yber as a study case to construct bilateral inequalities on key variables with substantially narrower intervals using a side-channel-assisted oracle. For K YBER 512, K YBER 768, and K YBER 1024, the average Shannon entropy carried by such inequality is improved from the previous 0.6094, 0.4734, and 0.8544 to 0.6418, 0.4777, and 1.2007. The number of such inequalities required to recover the key utilizing the BP algorithm for K YBER 512 and K YBER 1024 is reduced by 5.32% and 40.53% in theory and experimentally the reduction is even better. The query complexity is reduced by 43%, 37%, and 48% for K YBER 512, 768, and 1024 assuming reasonably perfect reliability. Furthermore, we introduce a strategy aimed at further refining the interval of inequalities. Diving into the BP algorithm, we discover a measure metric named JSD (Jensen-Shannon distance)-metric that can gauge the tightness of an inequality. We then develop a machine learning-based strategy to utilize the JSD-metrics to contract boundaries of inequalities even with fewer inequalities given, thus improving the entropy carried by the system of linear inequalities. This contraction strategy is at the algorithmic level and has the potential to be employed in all attacks endeavoring to establish a system of inequalities concerning key variables.

computer science, information systems,engineering, electrical & electronic

Xinjie Zhao,Shize Guo,Fan Zhang,Tao Wang,Zhijie Shi,Hao Luo

DOI: https://doi.org/10.1587/transfun.e96.a.332

2012-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:This paper proposes several improved Side-channel cube attacks (SCCAs) on PRESENT-80/128 under single bit leakage model. Assuming the leakage is in the output of round 3 as in previous work, we discover new results of SCCA on PRESENT. Then an enhanced SCCA is proposed to extract key related non-linear equations. 64-bit key for both PRESENT-80 and 128 can be obtained. To mount more effective attack, we utilize the leakage in round 4 and enhance SCCA in two ways. A partitioning scheme is proposed to handle huge polynomials, and an iterative scheme is proposed to extract more key bits. With these enhanced techniques, the master key search space can be reduced to 28 for PRESENT-80 and to 229 for PRESENT-128.

Yuan Ma,Xinyue Yang,An Wang,Congming Wei,Tianyu Chen,Haotong Xu

DOI: https://doi.org/10.1007/978-981-97-1235-9_12

2024-01-01

Abstract:Kyber, selected as the next-generation standard for key encapsulation mechanism in the third round of the NIST post-quantum cryptography standardization process, has naturally raised concerns regarding its resilience against side-channel analysis and other physical attacks. In this paper, we propose a method for profiling the secret key using multiple features extracted based on a binary plaintext-checking oracle. In addition, we incorporate deep learning into the power analysis attack and propose a convolutional neural network suitable for multi-feature recognition. The experimental results demonstrate that our approach achieves an average key recovery success rate of 64.15% by establishing secret key templates. Compared to single-feature recovery, our approach bypasses the intermediate value recovery process and directly reconstructs the representation of the secret key. Our approach improves the correct key guess rate by 54% compared to single-feature recovery and is robust against invalid attacks caused by errors in single-feature recovery. Our approach was performed against the Kyber768 implementation from pqm4 running on STM32F429 M4-cortex CPU.

Kai Wang,Dejun Xu,Jing Tian

2024-09-28

Abstract:After three rounds of post-quantum cryptography (PQC) strict evaluations conducted by the national institute of standards and technology (NIST), CRYSTALS-Kyber was successfully selected in July 2022 and standardized in August 2024. It becomes urgent to further evaluate Kyber's physical security for the upcoming deployment phase. In this brief, we present an improved two-step attack on Kyber to quickly recover the full secret key, s, by using much fewer energy traces and less time. In the first step, we use the correlation power analysis (CPA) to obtain a portion of guess values of s with a small number of energy traces. The CPA is enhanced by utilizing both the Pearson and Kendall's rank correlation coefficients and modifying the leakage model to improve the accuracy. In the second step, we adopt the lattice attack to recover s based on the results of CPA. The success rate is largely built up by constructing a trial-and-error method. We implement the proposed attack for the reference implementation of Kyber512 (4 128-value groups of s) on ARM Cortex-M4 and successfully recover a 128-value group of s in about 9 minutes using a 16-core machine. Additionally, in that case, we only cost at most 60 CPA guess values for a group and 15 power traces for a guess.

Cryptography and Security

Tim Fritzmann,Michiel Van Beirendonck,Debapriya Basu Roy,Patrick Karl,Thomas Schamberger,Ingrid Verbauwhede,Georg Sigl

DOI: https://doi.org/10.46586/tches.v2022.i1.414-460

2021-11-19

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Side-channel attacks can break mathematically secure cryptographic systems leading to a major concern in applied cryptography. While the cryptanalysis and security evaluation of Post-Quantum Cryptography (PQC) have already received an increasing research effort, a cost analysis of efficient side-channel countermeasures is still lacking. In this work, we propose a masked HW/SW codesign of the NIST PQC finalists Kyber and Saber, suitable for their different characteristics. Among others, we present a novel masked ciphertext compression algorithm for non-power-of-two moduli. To accelerate linear performance bottlenecks, we developed a generic Number Theoretic Transform (NTT) multiplier, which, in contrast to previously published accelerators, is also efficient and suitable for schemes not based on NTT. For the critical non-linear operations, masked HW accelerators were developed, allowing a secure execution using RISC-V instruction set extensions. With the proposed design, we achieved a cycle count of K:214k/E:298k/D:313k for Kyber and K:233k/E:312k/D:351k for Saber with NIST Level III parameter sets. For the same parameter sets, the masking overhead for the first-order secure decapsulation operation including randomness generation is a factor of 4.48 for Kyber (D:1403k)and 2.60 for Saber (D:915k).

Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang

DOI: https://doi.org/10.1109/a-sscc58667.2023.10347915

2023-01-01

Abstract:Most information is transmitted through untrusted channels, and people use traditional asymmetric encryption methods/algorithms to prevent information leakage. Post-quantum cryptography (PQC) alternatives are refining to counter the possibility of brute-forcing encryption in finite time with progressively feasible quantum computers. As the winner of the NIST PQC project global competition, CRYSTALS-KYBER (Kyber) has a balance of security and efficiency. This paper proposes an efficient ASIC for chip-level applications of Kyber. Configurable operators and data generators are designed. Separation of secure memory and public memory from bus arbiter ensures leak-proof of critical information. A unified command and control system schedule execution process and data interaction. The proposed Kyber processor is fabricated and properly verified at a 40nm process, achieving high energy efficiency for the execution of the Kyber key encapsulation mechanism (KEM).

Muyan Shen,Chi Cheng,Xiaohan Zhang,Qian Guo,Tao Jiang

DOI: https://doi.org/10.46586/tches.v2023.i1.89-112

2022-01-01

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Side-channel resilience is a crucial feature when assessing whether a postquantum cryptographic proposal is sufficiently mature to be deployed. In this paper, we propose a generic and efficient adaptive approach to improve the sample complexity (i.e., the required number of traces) of plaintext-checking (PC) oracle-based sidechannel attacks (SCAs), a major class of key recovery chosen-ciphertext SCAs on lattice-based key encapsulation mechanisms (KEMs). This new approach is preferable when the constructed PC oracle is imperfect, which is common in practice, and its basic idea is to design new detection codes that can determine erroneous positions in the initially recovered secret key. These secret entries are further corrected with a small number of additional traces. This work benefits from the generality of PC oracle and thus is applicable to various schemes and implementations.Our main target is Kyber since it has been selected by NIST as the KEM algorithm for standardization. We instantiated the proposed generic attack on Kyber512 and then conducted extensive computer simulations against Kyber512 and FireSaber. We further mounted an electromagnetic (EM) attack against an optimized implementation of Kyber512 in the pqm4 library running on an STM32F407G board with an ARM Cortex-M4 microcontroller. These simulations and real-world experiments demonstrate that the newly proposed attack could greatly improve the state-of-the-art in terms of the required number of traces. For instance, the new attack requires only 41% of the EM traces needed in a majority-voting attack in our experiments, where the raw oracle accuracy is fixed.

Aobo Li,Jiahao Lu,Dongsheng Liu,Xiang Li,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang

DOI: https://doi.org/10.1109/A-SSCC58667.2023.10347915

2023-01-01

Abstract:Most information is transmitted through untrusted channels, and people use traditional asymmetric encryption methods/algorithms to prevent information leakage. Post-quantum cryptography (PQC) alternatives are refining to counter the possibility of brute-forcing encryption in finite time with progressively feasible quantum computers. As the winner of the NIST PQC project global competition, CRYSTALS-KYBER (Kyber) has a balance of security and efficiency. This paper proposes an efficient ASIC for chip-level applications of Kyber. Configurable operators and data generators are designed. Separation of secure memory and public memory from bus arbiter ensures leak-proof of critical information. A unified command and control system schedule execution process and data interaction. The proposed Kyber processor is fabricated and properly verified at a 40nm process, achieving high energy efficiency for the execution of the Kyber key encapsulation mechanism (KEM).

Pierre-Augustin Berthet

2024-09-24

Abstract:Due to developments in quantum computing, classical asymmetric cryptography is at risk of being breached. Consequently, new Post-Quantum Cryptography (PQC) primitives using lattices are studied. Another point of scrutiny is the resilience of these new primitives to Side Channel Analysis (SCA), where an attacker can study physical leakages. In this work we discuss a SCA vulnerability due to the ciphertext malleability of some PQC primitives exposed by a work from Ravi et al. We propose a novel countermeasure to this vulnerability exploiting the same ciphertext malleability and discuss its practical application to several PQC primitives. We also extend the seminal work of Ravi et al. by detailling their attack on the different security levels of a post-quantum Key Encapsulation Mechanism (KEM), namely FrodoKEM.

Cryptography and Security

ZHAO Xin-jie,GUO Shi-ze,WANG Tao,ZHANG Fan

DOI: https://doi.org/10.3969/j.issn.1671-1742.2012.06.001

2012-01-01

Abstract:The security of EPCBC,a lightweight block cipher proposed in CANS 2011,against the side-channel cube attack is evaluated by combining cube cryptanalysis with side-channel attack under the 8-bit Hamming weight leakage model.Under the black-box attack scenario,the adversary firstly generates random cube and superpoly.Then the cube is used to generate chosen plaintexts.The adversary deduces one bit of the intermediate state from the side-channel attack for each chosen plaintext and computes the high order differences of these one bit values to verify the relations between the cube and superpoly.Simulation experiments are launched on two variants of EPCBC with different block lengths.The results demonstrate that the unprotected implementation of EPCBC is vulnerable to side-channel cube attacks.If the adversary can accurately deduce the Hamming weight of the intermediate states from the side-channel leakages,many cubes and superpolys can be extracted and used for key recovery.372 chosen plaintexts can recover 48-bit of the master key for EPCBC(48,96) and reduce the key search space to 248.610 chosen plaintexts can recover full 96-bit of the master key for EPCBC(96,96) directly.The techniques of this paper can provide certain references to black-box side-channel cube attacks on other block ciphers.

Aobo Li,Jiahao Lu,Dongsheng Liu,Shuo Yang,Tianze Huang,Jiaming Zhang,Siqi Xiong,Chenjun Yang,Xiang Li

DOI: https://doi.org/10.1109/esserc62670.2024.10719541

2024-01-01

Abstract:Due to the existence of store-now-decrypt-later attack strategies, the world urgently needs alternative postquantum cryptographic (PQC) solutions. The lattice-based PQC algorithm CRYSTALS-KYBER (Kyber) is widely recognized as a standardization for its good performance and security. We propose a compact and efficient Kyber processor architecture for resource-constrained edge computing. Lightweight SHA-3 with half-fold keccak and samplers provide high-quality discrete distribution coefficient generation with energy-saving features. Modular arithmetic elements are configured as variable structures for different types of fast polynomial computations. The proposed architecture is fabricated under 40 nm process, and ASIC results show that the processor occupies $0.34 \mathrm{~mm}^{2}$ and 253 k equivalent gates with minimum 7 KB memory and the lowest power $273 \mu \mathrm{~W}$. Compared to similar works, we reduce the power by $50 \%$, improve the $6.1 \times$ energy optimization, $8 \times$ area and achieve state-of-the-art in energy efficiency.

Suparna Kundu,Siddhartha Chowdhury,Sayandeep Saha,Angshuman Karmakar,Debdeep Mukhopadhyay,Ingrid Verbauwhede

2024-01-25

Abstract:Post-quantum cryptographic (PQC) algorithms, especially those based on the learning with errors (LWE) problem, have been subjected to several physical attacks in the recent past. Although the attacks broadly belong to two classes - passive side-channel attacks and active fault attacks, the attack strategies vary significantly due to the inherent complexities of such algorithms. Exploring further attack surfaces is, therefore, an important step for eventually securing the deployment of these algorithms. Also, it is important to test the robustness of the already proposed countermeasures in this regard. In this work, we propose a new fault attack on side-channel secure masked implementation of LWE-based key-encapsulation mechanisms (KEMs) exploiting fault propagation. The attack typically originates due to an algorithmic modification widely used to enable masking, namely the Arithmetic-to-Boolean (A2B) conversion. We exploit the data dependency of the adder carry chain in A2B and extract sensitive information, albeit masking (of arbitrary order) being present. As a practical demonstration of the exploitability of this information leakage, we show key recovery attacks of Kyber, although the leakage also exists for other schemes like Saber. The attack on Kyber targets the decapsulation module and utilizes Belief Propagation (BP) for key recovery. To the best of our knowledge, it is the first attack exploiting an algorithmic component introduced to ease masking rather than only exploiting the randomness introduced by masking to obtain desired faults (as done by Delvaux). Finally, we performed both simulated and electromagnetic (EM) fault-based practical validation of the attack for an open-source first-order secure Kyber implementation running on an STM32 platform.

Cryptography and Security

Daniel Heinz,Thomas Popelmann

DOI: https://doi.org/10.1109/tc.2022.3197073

IF: 3.183

2023-03-15

IEEE Transactions on Computers

Abstract:The progress on constructing quantum computers and the ongoing standardization of post-quantum cryptography (PQC) have led to the development and refinement of promising new digital signature schemes and key encapsulation mechanisms (KEM). Especially lattice-based schemes have gained some popularity in the research community, presumably due to acceptable key, ciphertext, and signature sizes as well as good performance results and cryptographic strength. However, in some practical applications like smart cards, it is also crucial to secure cryptographic implementations against side-channel and fault attacks. In this work, we analyze the so-called redundant number representation (RNR) that can be used to counter side-channel attacks. We show how to avoid security issues with the RNR due to unexpected de-randomization and we apply it to the Kyber KEM and show that the RNR has a very low overhead. We then verify the RNR methodology by practical experiments, using the non-specific t-test methodology and the ChipWhisperer platform. Furthermore, we present a novel countermeasure against fault attacks based on the Chinese remainder theorem (CRT). On an ARM Cortex-M4, our implementation of the RNR and fault countermeasure offers better performance than masking and redundant calculation. Our methods thus have the potential to expand the toolbox of a defender implementing lattice-based cryptography with protection against two common physical attacks.

engineering, electrical & electronic,computer science, hardware & architecture

Huaxin Wang,Yiwen Gao,Yuejun Liu,Qian Zhang,Yongbin Zhou

DOI: https://doi.org/10.1186/s42400-024-00209-9

2024-06-05

Abstract:During the standardisation process of post-quantum cryptography, NIST encourages research on side-channel analysis for candidate schemes. As the recommended lattice signature scheme, CRYSTALS-Dilithium, when implemented on hardware, has seen limited research on side-channel analysis, and current attacks are incomplete or requires a substantial quantity of traces. Therefore, we conducted a more complete analysis to investigate the leakage of an FPGA implementation of CRYSTALS-Dilithium using the Correlation Power Analysis (CPA) method, where with a minimum of 70,000 traces partial private key coefficients can be recovered. Furthermore, we optimise the attack by extracting Point-of-Interests using known information due to parallelism (named CPA-PoI) and by iteratively utilising parallel leakages (named CPA-ITR). Our experimental results show that CPA-PoI reduces the number of traces by up to 16.67%, CPA-ITR by up to 25%, and both increase the number of recovered key coefficients by up to 55.17% and 93.10% using the same number of traces. They outperfom the CPA method. As a result, it suggests that the FPGA implementation of CRYSTALS-Dilithium is more vulnerable than thought before to side-channel analysis.

Dejun Xu,Kai Wang,Jing Tian

2024-07-03

Abstract:CRYSTALS-Kyber (a.k.a. Kyber) has been drafted to be standardized as the only key encapsulation mechanism (KEM) scheme by the national institute of standards and technology (NIST) to withstand attacks by large-scale quantum computers. However, the side-channel attack (SCA) on its implementation is still needed to be well considered for the upcoming migration. In this brief, we propose a secure and efficient hardware implementation for Kyber by incorporating a novel compact shuffling architecture. First of all, we modify the Fisher-Yates shuffle to make it more hardware-friendly. We then design an optimized shuffling architecture for the well-known open-source Kyber hardware implementation to enhance the security of all the potential side-channel leakage points. Finally, we implement the modified Kyber design on FPGA and evaluate its security and performance. The security is verified by conducting the correlation power analysis (CPA) attacks on the hardware. Meanwhile, FPGA place-and-route results show that the proposed design reports only 8.7% degradation on the hardware efficiency compared with the original unprotected version, much better than existing hiding schemes.

Cryptography and Security

Xinjie Zhao,Shize Guo,Fan Zhang,Tao Wang,Zhijie Shi,Huiying Liu,Keke Ji,Jing Huang

DOI: https://doi.org/10.1016/j.jss.2012.11.007

IF: 3.5

2013-01-01

Journal of Systems and Software

Abstract:The side-channel cube attack (SCCA) is a powerful cryptanalysis technique that combines the side-channel and cube attack. This paper proposes several advanced techniques to improve the Hamming weight-based SCCA (HW-SCCA) on the block cipher PRESENT. The new techniques utilize non-linear equations and an iterative scheme to extract more information from leakage. The new attacks need only 2^8^.^9^5 chosen plaintexts to recover 72 key bits of PRESENT-80 and 2^9^.^7^8 chosen plaintexts to recover 121 key bits of PRESENT-128. To the best of our knowledge, these are the most efficient SCCAs on PRESENT-80/128. To show the feasibility of the proposed techniques, real attacks have been conducted on PRESENT on an 8-bit microcontroller, which are the first SCCAs on PRESENT on a real device. The proposed HW-SCCA can successfully break PRESENT implementations even if they have some countermeasures such as random delay and masking.