First-order collision attack on protected NTRU cryptosystem

Zheng, Xuexin; Wang, An; Wei, Wei

doi:10.1016/j.micpro.2013.04.008

Cited by 16 publications

(10 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another method would consist in finding collisions through high correlation coefficients between consecutive peaks around the area of interest (see e.g. [31] for such kind of approach in a power analysis context).…”

Section: 4mentioning

confidence: 99%

Security Assessment of NTRU Against Non-Profiled SCA

Bettale¹,

Eynard

Montoya

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

NTRU was first introduced by J. Hoffstein, J. Pipher and J.H Silverman in 1998. Its security, efficiency and compactness properties have been carefully studied for more than two decades. A key encapsulation mechanism (KEM) version was even submitted to the NIST standardization competition and made it to the final round. Even though it has not been chosen to be a new standard, NTRU remains a relevant, practical and trustful post-quantum cryptographic primitive. In this paper, we investigate the side-channel resistance of the NTRU Decrypt procedure. In contrast with previous works about side-channel analysis on NTRU, we consider a weak attacker model and we focus on an implementation that incorporates some side-channel countermeasures. The attacker is assumed to be unable to mount powerful attacks by using templates or by forging malicious ciphertexts for instance. In this context, we show how a non-profiled side-channel analysis can be done against a core operation of NTRU decryption. Despite the considered countermeasures and the weak attacker model, our experiments show that the secret key can be fully retrieved with a few tens of traces.

show abstract

Section: 4mentioning

confidence: 99%

Security Assessment of NTRU Against Non-Profiled SCA

Bettale¹,

Eynard

Montoya

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…In this paper, we propose the first single trace side channel analysis (STA) against on both NTRU Open Source and NTRUEncrypt with experimental results, and propose a countermeasure. Previous SCA on NTRU [7][8][9] targeted the polynomial multiplication between the cipher-text and the secret key. However, since NTRU was patented until 2017, existing SCAs on NTRU are based on the assumption that publicized polynomial multiplications are used in the decryption process.…”

Section: Our Contributionmentioning

confidence: 99%

“…In 2013, a first-order collision attack was proposed in [8] with the purpose of incapacitating the countermeasure proposed in [7]. Their attack against the first-order countermeasure is an improvement in [8] since the attack is performed with 5,000 traces. The target of the attack was when the same registers are loaded during the multiplication.…”

Section: Previous Side Channel Analysis On Ntrumentioning

confidence: 99%

“…The target of the attack was when the same registers are loaded during the multiplication. Overall, the decryption code used for the analysis in [7] and [8] was not an official implementation. Although the proposed attacks can be applied to official implementation, the attack environment is restricted to the case where multiple executions of NTRU with the same key is possible.…”

Section: Previous Side Channel Analysis On Ntrumentioning

confidence: 99%

“…Even though the cryptographic algorithm is theoretically safe, the private key or secret message can be exposed by the side-channel leakage when executing the algorithm. In this regard, there are previous studies on SCA on NTRU by Lee et al [7] and Zheng et al [8]. They performed DPA on NTRU and revealed the secret key.…”

Section: Introductionmentioning

confidence: 97%

See 2 more Smart Citations

Single Trace Side Channel Analysis on NTRU Implementation

Kim

Jin

et al. 2018

Applied Sciences

View full text Add to dashboard Cite

As researches on the quantum computer have progressed immensely, interests in post-quantum cryptography have greatly increased. NTRU is one of the well-known algorithms due to its practical key sizes and fast performance along with the resistance against the quantum adversary. Although NTRU has withstood various algebraic attacks, its side-channel resistance must also be considered for secure implementation. In this paper, we proposed the first single trace attack on NTRU. Previous side-channel attacks on NTRU used numerous power traces, which increase the attack complexity and limit the target algorithm. There are two versions of NTRU implementation published in succession. We demonstrated our attack on both implementations using a single power consumption trace obtained in the decryption phase. Furthermore, we propose a countermeasure to prevent the proposed attacks. Our countermeasure does not degrade in terms of performance.

show abstract