Abstract
We present a single-trace attack against lattice-based KEMs that use a cumulative distribution table (CDT) for Gaussian sampling, and we execute it in a real-world environment. Our analysis takes a single power trace of the decapsulation algorithm as input and exploits leakage of the Gaussian sampling subroutine to reveal the session key. We investigated the feasibility of the attack on different boards and showed that the power consumption traces become less informative at higher clock frequencies. Therefore, we introduce a machine-learning denoising technique, which enhances the accuracy of our attack and raises its success rate to 100%.
We demonstrate the attack on FrodoKEM, a lattice-based KEM and third-round alternate candidate in the NIST post-quantum standardization process. We execute it on a Cortex-M4 board equipped with an STM32F4 microcontroller clocked at different frequencies.
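The following is an added illustration, not code from the paper or from the FrodoKEM project, of why a constant-time CDT sampler is still a single-trace target. It reimplements the FrodoKEM-style sampling step (the Frodo-640 CDF table is the one published in the FrodoKEM specification) and then simulates one trace per sampling call. The leakage model (Hamming weight of each comparison result and of the sign mask, plus Gaussian noise) and the maximum-likelihood decoder are assumptions made for this example; they are not the paper's measured power model or its machine-learning denoiser. The point it makes is that the loop has no secret-dependent branch, yet each iteration computes a secret-dependent 0/1 value, and because the table is increasing those values form a run of ones followed by zeros whose length is the sampled magnitude, so one noisy trace suffices at low noise.

```python
"""Constant-time CDT sampler in the style of FrodoKEM, with a simulated
single-trace recovery of each sample (illustration, not the paper's code).

Leakage model (assumption for this example): each comparison leaks the
Hamming weight of its 0/1 result plus Gaussian noise, and the final sign
mask (0x0000 or 0xFFFF) leaks its Hamming weight scaled to 0/1.
"""
import random

# Frodo-640 CDF table (probabilities scaled to 15 bits) from the FrodoKEM spec.
CDF_TABLE = [4643, 13363, 20579, 25843, 29227, 31145, 32103,
             32525, 32689, 32745, 32759, 32762, 32763]
# FrodoKEM compares against all but the last entry, so |sample| <= 12.
COMPARED = CDF_TABLE[:-1]


def cdt_sample(r16: int) -> int:
    """Map one 16-bit random word to a signed error sample as FrodoKEM does."""
    prnd = r16 >> 1          # 15-bit value compared against the table
    sign = r16 & 1           # lowest bit selects the sign
    magnitude = 0
    for entry in COMPARED:
        # (uint16)(entry - prnd) >> 15 is 1 exactly when entry < prnd:
        # no branch, but a secret-dependent value is produced every iteration.
        magnitude += ((entry - prnd) & 0xFFFF) >> 15
    # (-sign ^ magnitude) + sign is a branch-free two's-complement negation
    value = (((-sign & 0xFFFF) ^ magnitude) + sign) & 0xFFFF
    return value - 0x10000 if value & 0x8000 else value


def leak_trace(r16: int, sigma: float, rng: random.Random) -> list[float]:
    """Constructed per-iteration leakage of one sampling call (see model above)."""
    prnd, sign = r16 >> 1, r16 & 1
    bits = [((e - prnd) & 0xFFFF) >> 15 for e in COMPARED]
    mask_hw = bin((-sign) & 0xFFFF).count("1") / 16      # 0.0 or 1.0
    return [b + rng.gauss(0, sigma) for b in bits] + [mask_hw + rng.gauss(0, sigma)]


def recover_sample(trace: list[float]) -> int:
    """Maximum-likelihood decode of a single trace.

    Because COMPARED is increasing, the comparison results are 1 for the
    first k entries (those below prnd) and 0 afterwards, so the magnitude is
    k.  Under Gaussian noise the log-likelihood of k is, up to a constant,
    2*sum(leak[:k]) - k, so the decoder picks the k maximising that score
    instead of thresholding each point on its own.
    """
    comp, mask = trace[:-1], trace[-1]
    best_k, best_score, prefix = 0, float("-inf"), 0.0
    for k in range(len(comp) + 1):
        score = 2 * prefix - k
        if score > best_score:
            best_k, best_score = k, score
        if k < len(comp):
            prefix += comp[k]
    return -best_k if mask > 0.5 else best_k


def success_rate(sigma: float, trials: int = 2000, seed: int = 1) -> float:
    """Fraction of single traces from which the exact sample is recovered."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        r16 = rng.getrandbits(16)          # stands in for one SHAKE output word
        if recover_sample(leak_trace(r16, sigma, rng)) == cdt_sample(r16):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    for sigma in (0.0, 0.3, 1.0):
        print(f"noise sigma={sigma}: single-trace success rate {success_rate(sigma):.3f}")
```

Raising `sigma` plays the role of a less informative trace; the structured decoder degrades gracefully rather than failing on the first flipped point, which is the kind of headroom a denoising stage in front of it would be expected to restore.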
Notes
- 1.
The implementation of our attack can be found at https://github.com/Soundes-M/Soundes-M-FrodoKEMSingleTrace-/settings.
- 2.
In our experiments we use the STM32F4 target board, which has 1 MB of Flash memory and 192 KB of RAM.
- 3.
We mean here the power consumption of the device while running a cryptographic operation.
Acknowledgment
The work described in this paper has been supported by the German Federal Ministry of Education and Research (BMBF) under the project Full Lifecycle Post-Quantum PKI - FLOQI (ID 16KIS1074) and under the project Aquorypt (ID 16KIS1022).
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Marzougui, S., Kabin, I., Krämer, J., Aulbach, T., Seifert, JP. (2023). On the Feasibility of Single-Trace Attacks on the Gaussian Sampler Using a CDT. In: Kavun, E.B., Pehl, M. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2023. Lecture Notes in Computer Science, vol 13979. Springer, Cham. https://doi.org/10.1007/978-3-031-29497-6_8
DOI: https://doi.org/10.1007/978-3-031-29497-6_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-29496-9
Online ISBN: 978-3-031-29497-6
eBook Packages: Computer Science, Computer Science (R0)