short-paper

Exposing Side-Channel Leakage of SEAL Homomorphic Encryption Library

Published: 07 November 2022

ABSTRACT

This paper reveals a new side-channel leakage in the Microsoft SEAL homomorphic encryption library. The proposed attack exploits the leakage of ternary value assignments made during the Number Theoretic Transform (NTT) sub-routine. Notably, the attack can steal the secret key coefficients from a single power/electromagnetic measurement trace. To achieve high accuracy with a single trace, we build a novel machine-learning-based side-channel profiler. Moreover, we implement a defense based on random delay insertion to mitigate the shown leakage. The results on an ARM Cortex-M4F processor show that our attack extracts secret key coefficients with 98.3% accuracy and that the random delay insertion defense does not reduce the success rate of our attack.
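The abstract's point is that a ternary secret coefficient (-1, 0, 1) is handled by a value-dependent assignment before the NTT consumes it. The following added example (not code from the paper or from SEAL; the lifting step, function names and the modulus Q are constructed for illustration) places such a branchy assignment beside a branch-free one and shows, via a Hamming-weight proxy, why removing the control-flow component alone does not remove the data leakage:

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical illustration, not SEAL's code: secret-key coefficients are
 * ternary (-1, 0, 1) and are lifted into Z_q as (q-1, 0, 1) so the NTT can
 * operate on them. Q is a constructed odd modulus for this example. */
#define Q 8380417u

/* Value-dependent lifting: which compare succeeds and which constant is
 * returned depends on the secret coefficient, so control flow and timing
 * differ between the three cases. */
uint32_t lift_ternary_branchy(int8_t s) {
    if (s == -1) return Q - 1;
    if (s == 1)  return 1;
    return 0;
}

/* Branch-free lifting: the same instruction sequence runs for every input.
 * neg is all-ones exactly when s is negative and selects Q-1 by masking. */
uint32_t lift_ternary_ct(int8_t s) {
    uint32_t neg = (uint32_t)-(int32_t)(s < 0);  /* 0xFFFFFFFF or 0 */
    uint32_t v   = (uint32_t)(int32_t)s;          /* 0, 1, or 0xFFFFFFFF */
    return (neg & (Q - 1)) | (~neg & v);
}

/* Lift a whole polynomial with the branch-free routine. */
void lift_poly_ct(const int8_t *s, uint32_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = lift_ternary_ct(s[i]);
}

/* Returns 1 if both routines agree on all three ternary inputs. */
int lifts_agree(void) {
    for (int s = -1; s <= 1; s++)
        if (lift_ternary_branchy((int8_t)s) != lift_ternary_ct((int8_t)s))
            return 0;
    return 1;
}

/* Hamming weight of an operand, a common proxy in power/EM leakage models.
 * The three lifted values have distinct weights (0, 1, 10 for this Q), so
 * the stored data still leaks under such a model: the branch-free version
 * removes only the timing/control-flow component, and a defense that
 * merely shifts trace alignment (random delays) leaves the operands as is. */
int hamming_weight(uint32_t x) {
    int w = 0;
    for (; x; x >>= 1) w += (int)(x & 1u);
    return w;
}
```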

Published in

ASHES'22: Proceedings of the 2022 Workshop on Attacks and Solutions in Hardware Security
November 2022
114 pages
ISBN: 9781450398848
DOI: 10.1145/3560834

Copyright © 2022 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

Overall Acceptance Rate: 6 of 20 submissions, 30%
