Prasanna Ravi scite author profile

In this work, we demonstrate generic and practical EM side-channel assisted chosen ciphertext attacks over multiple LWE/LWR-based Public Key Encryption (PKE) and Key Encapsulation Mechanisms (KEM) secure in the chosen ciphertext model (IND-CCA security). We show that the EM side-channel information can be efficiently utilized to instantiate a plaintext checking oracle, which provides binary information about the output of decryption, typically concealed within IND-CCA secure PKE/KEMs, thereby enabling our attacks. Firstly, we identified EM-based side-channel vulnerabilities in the error correcting codes (ECC) enabling us to distinguish based on the value/validity of decrypted codewords. We also identified similar vulnerabilities in the Fujisaki-Okamoto transform which leaks information about decrypted messages applicable to schemes that do not use ECC. We subsequently exploit these vulnerabilities to demonstrate practical attacks applicable to six CCA-secure lattice-based PKE/KEMs competing in the second round of the NIST standardization process. We perform experimental validation of our attacks on implementations taken from the open-source pqm4 library, running on the ARM Cortex-M4 microcontroller. Our attacks lead to complete key-recovery in a matter of minutes on all the targeted schemes, thus showing the effectiveness of our attack.

show abstract

On Exploiting Message Leakage in (Few) NIST PQC Candidates for Practical Message Recovery Attacks

Ravi

Bhasin

Roy

et al. 2022

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Number “Not Used” Once - Practical Fault Attack on pqm4 Implementations of NIST Candidates

Ravi

Roy

Bhasin

et al. 2019

View full text Add to dashboard Cite

Authentication Protocol for Secure Automotive Systems: Benchmarking Post-Quantum Cryptography

Ravi¹,

Sundar²,

Chattopadhyay³

et al. 2020

View full text Add to dashboard Cite

Improving Speed of Dilithium’s Signing Procedure

Ravi

Sengupta

Chattopadhyay

et al. 2020

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Prasanna Ravi

Generic Side-channel attacks on CCA-secure lattice-based PKE and KEMs

On Exploiting Message Leakage in (Few) NIST PQC Candidates for Practical Message Recovery Attacks

Number “Not Used” Once - Practical Fault Attack on pqm4 Implementations of NIST Candidates

Authentication Protocol for Secure Automotive Systems: Benchmarking Post-Quantum Cryptography

Improving Speed of Dilithium’s Signing Procedure

Contact Info

Product

Resources

About