Chosen-Ciphertext Clustering Attack on CRYSTALS-KYBER Using the Side-Channel Leakage of Barrett Reduction

Sim, Bo-Yeon; Park, Aesun; Han, Dong‐Guk

doi:10.1109/jiot.2022.3179683

Cited by 11 publications

(2 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several vulnerabilities have been discovered in the implementations of LWE/ LWR-based PKE/KEMs, including incremental storage vulnerability [21], weakness of re-encryption operation in Fujisaki-Okamoto transform [27] and weakness of polynomial multiplication [16]. For CRYSTALS-Kyber, secret key information has also been extracted through Barrentt reduction procedure [15,26].…”

Section: Known Vulnerabilitiesmentioning

confidence: 99%

A Message Recovery Attack on LWE/LWR-Based PKE/KEMs Using Amplitude-Modulated EM Emanations

Wang

Ngo

Dubrova

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Creating a good deep learning model is an art which requires expertise in deep learning and a large set of labeled data for training neural networks. Neither is readily available. In this paper, we introduce a method that enables us to recover messages of LWE/LWR-based PKE/KEMs using simple multilayer perceptron (MLP) models trained on a small dataset. The core idea is to extend the attack dataset so that at least one of its traces has the ground truth label to which the models are biased towards. We demonstrate the effectiveness of the presented method on the examples of CRYSTALS-Kyber and Saber algorithms implemented in ARM Cortex-M4 CPU on nRF52832 system-on-chip supporting Bluetooth 5.2. We use amplitude-modulated EM emanations which are typically weaker and noisier than power or near-field EM side channels, and thus more difficult to exploit.

show abstract

Section: Known Vulnerabilitiesmentioning

confidence: 99%

A Message Recovery Attack on LWE/LWR-Based PKE/KEMs Using Amplitude-Modulated EM Emanations

Wang

Ngo

Dubrova

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…However, lattice-based schemes remain vulnerable to sidechannel attacks [5], [6], [7], in particular when they are combined with chosen-ciphertext attacks [8], [9]. Among these, single-trace attacks are especially troubling, since they allow an attacker to determine secret information by observing a single cryptographic operation, and are often difficult to protect against.…”

Section: Introductionmentioning

confidence: 99%

Improving Single-Trace Attacks on the Number-Theoretic Transform for Cortex-M4

Assael,

Elbaz-Vincent,

Reymond

2023

2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)

View full text Add to dashboard Cite

The Number-Theoretic Transform (NTT) is a key feature for the efficiency of numerous lattice-based cryptographic schemes. The arithmetic structure of that operation makes it an important target for soft-analytical side-channel attacks, that are powerful single-trace side-channel attacks exploiting known arithmetic structure to improve noise tolerance. Among others, Pessl et al. used the belief-propagation technique to attack a software implementation of the Kyber key encapsulation mechanism for Arm Cortex-M4 microcontrollers. However, that implementation has since been thoroughly optimized, in particular through the use of an improved version of Plantard modular arithmetic. In this paper, we describe how we successfully attack the latest available version of this implementation. We show that precise knowledge of the implementation at hand allows for better performance of the belief-propagation technique. By modeling each individual arithmetic operation performed by the microcontroller, we are able to recover the secret values processed during the NTT, even with very noisy side-channel leakage. We also study some strategies for the attacker to either maximize the success rate, or minimize the runtime of the attack.

show abstract

A Side-Channel Secret Key Recovery Attack on CRYSTALS-Kyber Using k Chosen Ciphertexts

Wang

Dubrova

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Chosen-Ciphertext Clustering Attack on CRYSTALS-KYBER Using the Side-Channel Leakage of Barrett Reduction

Cited by 11 publications

References 39 publications

A Message Recovery Attack on LWE/LWR-Based PKE/KEMs Using Amplitude-Modulated EM Emanations

A Message Recovery Attack on LWE/LWR-Based PKE/KEMs Using Amplitude-Modulated EM Emanations

Improving Single-Trace Attacks on the Number-Theoretic Transform for Cortex-M4

A Side-Channel Secret Key Recovery Attack on CRYSTALS-Kyber Using k Chosen Ciphertexts

Contact Info

Product

Resources

About