LDPC Strikes Again : New Key-Recovery Chosen-Ciphertext Side-Channel Attacks on NTRU-based KEMs
(2025)

Abstract

In this work, we introduce novel techniques for adapting the SCA-LDPC framework to conduct efficient plaintext-checking (PC) oracle-based side-channel attacks on NTRU-style Key Encapsulation Mechanisms (KEMs). We specifically address the unique algebraic structure of the NTRU and NTRU Prime schemes, demonstrating how to extract information related to secret variables from side channels and model it as Low-Density Parity-Check (LDPC) codes. Then, we can recover the complete secret key using an iterative decoding method. For both NTRU and NTRU Prime schemes, our approach achieves significant reductions in the required number of measurements compared to the previous state of the art under similar oracle noise assumptions, validated through extensive simulations, and exhibits robustness against decision errors in the constructed oracle. Furthermore, we present the first documented power analysis attack targeting a first-order masked NTRU implementation. Using standard microcontroller hardware (ARM Cortex-M4), we successfully constructed a PC oracle achieving a low 0.5% decision error rate, importantly within a practical cross-device setting where training and attack devices differ. Our experimental results demonstrate that approximately 1250 side-channel measurements are sufficient to recover the secret key in this challenging scenario, closely aligning with our simulation findings. These results underscore the vulnerability of first-order masking for NTRU against this attack vector and motivate the thorough evaluation of higher-order countermeasures.
Please use this URL to cite or link to this publication:
https://lup.lub.lu.se/record/ad8182d5-6980-4900-9a75-48289ce70814
- author: Tong, Xiaofei (LU); Nabokov, Denis (LU); Guo, Qian (LU)
- publishing date: 2025
- type: Working paper/Preprint
- publication status: published
- publisher: TechRxiv
- DOI: 10.36227/techrxiv.176288019.98130379/v1
- language: English
- LU publication?: yes
- id: ad8182d5-6980-4900-9a75-48289ce70814
- date added to LUP: 2026-02-24 16:14:43
- date last changed: 2026-03-17 15:48:58
@misc{ad8182d5-6980-4900-9a75-48289ce70814,
abstract = {{In this work, we introduce novel techniques for adapting the SCA-LDPC framework to conduct efficient plaintext-checking (PC) oracle-based side-channel attacks on NTRU-style Key Encapsulation Mechanisms (KEMs). We specifically address the unique algebraic structure of the NTRU and NTRU Prime schemes, demonstrating how to extract information related to secret variables from side channels and modeled as Low-Density Parity-Check (LDPC) codes. Then, we can recover the complete secret key using an iterative decoding method. For both NTRU and NTRU Prime schemes, our approach achieves significant reductions in the required number of measurements compared to previous state-of-the-art under similar oracle noise assumptions, validated through extensive simulations, and exhibits robustness against decision errors in the constructed oracle. Furthermore, we present the first documented power analysis attack targeting a first-order masked NTRU implementation. Using standard microcontroller hardware (ARM Cortex-M4), we successfully constructed a PC oracle achieving a low 0.5% decision error rate; importantly, within a practical cross-device setting where training and attack devices differ. Our experimental results demonstrate that approximately 1250 side-channel measurements are sufficient to recover the secret key in this challenging scenario, closely aligning with our simulation findings. These results underscore the vulnerability of first-order masking for NTRU against this attack vector and motivate the thorough evaluation of higher-order countermeasures.}},
author = {{Tong, Xiaofei and Nabokov, Denis and Guo, Qian}},
language = {{eng}},
note = {{Preprint}},
publisher = {{TechRxiv}},
title = {{LDPC Strikes Again : New Key-Recovery Chosen-Ciphertext Side-Channel Attacks on NTRU-based KEMs}},
url = {{http://dx.doi.org/10.36227/techrxiv.176288019.98130379/v1}},
doi = {{10.36227/techrxiv.176288019.98130379/v1}},
year = {{2025}},
}