
Lund University Publications


A side-channel attack on a masked IND-CCA secure Saber KEM implementation

Ngo, Kalle; Dubrova, Elena; Guo, Qian and Johansson, Thomas (2021) In IACR Transactions on Cryptographic Hardware and Embedded Systems 2021(4). p.676-707
Abstract

In this paper, we present a side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network created at the profiling stage. The proposed message recovery approach learns a higher-order model directly, without explicitly extracting random masks at each execution. This eliminates the need for a fully controllable profiling device which is required in previous attacks on masked implementations of LWE/LWR-based PKEs/KEMs. We also present a new secret key recovery approach based on maps from error-correcting codes that can compensate for some errors in the recovered message. In addition, we discovered a previously unknown leakage point in the primitive for masked logical shifting on arithmetic shares.
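The abstract's central point is that a first-order masked implementation, where every intermediate is split into two shares with a fresh random mask, still leaks to a model that combines the leakage of both shares, and that such a model can be learned without recovering the mask on each trace. The simulation below is an added illustration and is not code from the paper or its authors: it assumes a constructed leakage model (Hamming weight of each share plus Gaussian noise) and Boolean masking of a value into two shares, and it shows that the per-share means carry no information about the secret while the centered product of the two share leakages does. The closed-form relation used by `estimate_hamming_weight`, Cov(HW(s0), HW(s1)) = (width - 2 HW(x)) / 4, holds for this toy model only; the single-bit case in `recover_masked_bit` is the analogue of classifying one masked message bit from its two shares.

```python
"""Toy demonstration: a first-order Boolean masked value leaks through a
second-order statistic of its two shares, with no per-trace mask recovery.

Added example, not code from the paper. Leakage model (constructed):
each share leaks its Hamming weight plus Gaussian noise.
"""
import random
import statistics


def hamming_weight(v):
    return bin(v).count("1")


def make_shares(x, rng, width=8):
    """First-order Boolean masking: x = s0 XOR s1, with s0 a fresh random mask."""
    s0 = rng.getrandbits(width)
    return s0, x ^ s0


def leak(value, rng, sigma):
    """Constructed leakage model: Hamming weight of the handled value plus noise."""
    return hamming_weight(value) + rng.gauss(0.0, sigma)


def simulate_traces(x, n, rng, width=8, sigma=0.5):
    """n executions of the masked operation; each trace holds both share leakages."""
    traces = []
    for _ in range(n):
        s0, s1 = make_shares(x, rng, width)
        traces.append((leak(s0, rng, sigma), leak(s1, rng, sigma)))
    return traces


def first_order_means(traces):
    """Mean leakage of each share. Each share alone is uniform, so this does
    not depend on x: a first-order (single-point) attack fails."""
    return (statistics.fmean(t[0] for t in traces),
            statistics.fmean(t[1] for t in traces))


def second_order_stat(traces):
    """Mean of the centered product (L0 - mu0)(L1 - mu1), i.e. the covariance of
    the two share leakages. It does depend on x, and needs no mask recovery."""
    m0, m1 = first_order_means(traces)
    return statistics.fmean((l0 - m0) * (l1 - m1) for l0, l1 in traces)


def estimate_hamming_weight(stat, width=8):
    """Invert Cov = (width - 2*HW(x))/4: each bit contributes +1/4 to the
    covariance when s0_i == s1_i (x_i = 0) and -1/4 when they differ (x_i = 1).
    Independent noise adds nothing to the covariance."""
    hw = round(width / 2 - 2 * stat)
    return max(0, min(width, hw))


def attack(x, n_traces=20000, seed=1):
    """Profile-free second-order recovery of HW(x) for an 8-bit masked byte."""
    rng = random.Random(seed)
    traces = simulate_traces(x, n_traces, rng)
    stat = second_order_stat(traces)
    return {
        "means": first_order_means(traces),
        "stat": stat,
        "hw_guess": estimate_hamming_weight(stat),
        "hw_true": hamming_weight(x),
    }


def recover_masked_bit(m, n_traces=20000, seed=2):
    """Single masked bit (m = s0 XOR s1): covariance is +1/4 for m = 0 and -1/4
    for m = 1, so the sign of the second-order statistic decides the bit."""
    rng = random.Random(seed)
    traces = simulate_traces(m, n_traces, rng, width=1)
    return 0 if second_order_stat(traces) > 0 else 1


if __name__ == "__main__":
    for x in (0x00, 0x3C, 0xFF):
        r = attack(x)
        print(f"x=0x{x:02x} HW={r['hw_true']} first-order means="
              f"({r['means'][0]:.2f}, {r['means'][1]:.2f}) "
              f"second-order stat={r['stat']:+.3f} -> HW guess {r['hw_guess']}")
    for m in (0, 1):
        print(f"masked bit {m} recovered as {recover_masked_bit(m)}")
```

A neural network trained on raw traces of a masked implementation can learn a nonlinear combination of the share leakage points implicitly, which is why profiling such a model does not require a device on which the masks can be read out or fixed; the explicit product statistic here is only the hand-written form of that combination. The toy needs thousands of traces because it uses a crude moment estimator; it does not model the 24-trace figure from the abstract.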
author
Ngo, Kalle; Dubrova, Elena; Guo, Qian and Johansson, Thomas
organization
publishing date
type
Contribution to journal
publication status
published
subject
keywords
Deep learning, LWE/LWR-based KEM, Post-quantum cryptography, Power analysis, Public-key cryptography, Saber KEM, Side-channel attack
in
IACR Transactions on Cryptographic Hardware and Embedded Systems
volume
2021
issue
4
pages
676 - 707
publisher
Ruhr-University of Bochum
external identifiers
  • scopus:85118420523
ISSN
2569-2925
DOI
10.46586/tches.v2021.i4.676-707
project
Lightweight Cryptography for Autonomous Vehicles
language
English
LU publication?
yes
additional info
Publisher Copyright: © 2021, Ruhr-University of Bochum. All rights reserved.
id
3cc7371e-3ef7-415c-864b-d7f88212894b
date added to LUP
2021-11-29 11:13:52
date last changed
2023-09-13 06:39:21
@article{3cc7371e-3ef7-415c-864b-d7f88212894b,
  abstract     = {{<p>In this paper, we present a side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network created at the profiling stage. The proposed message recovery approach learns a higher-order model directly, without explicitly extracting random masks at each execution. This eliminates the need for a fully controllable profiling device which is required in previous attacks on masked implementations of LWE/LWR-based PKEs/KEMs. We also present a new secret key recovery approach based on maps from error-correcting codes that can compensate for some errors in the recovered message. In addition, we discovered a previously unknown leakage point in the primitive for masked logical shifting on arithmetic shares.</p>}},
  author       = {{Ngo, Kalle and Dubrova, Elena and Guo, Qian and Johansson, Thomas}},
  issn         = {{2569-2925}},
  keywords     = {{Deep learning; LWE/LWR-based KEM; Post-quantum cryptography; Power analysis; Public-key cryptography; Saber KEM; Side-channel attack}},
  language     = {{eng}},
  number       = {{4}},
  pages        = {{676--707}},
  publisher    = {{Ruhr-University of Bochum}},
  series       = {{IACR Transactions on Cryptographic Hardware and Embedded Systems}},
  title        = {{A side-channel attack on a masked IND-CCA secure Saber KEM implementation}},
  url          = {{http://dx.doi.org/10.46586/tches.v2021.i4.676-707}},
  doi          = {{10.46586/tches.v2021.i4.676-707}},
  volume       = {{2021}},
  year         = {{2021}},
}