Random key rotation: Side-channel countermeasure of NTRU cryptosystem for resource-limited devices

Wang, An; Zheng, Xuexin; Tian, Wei; Xu, Rixin; Zhang, Guoshuang

doi:10.1016/j.compeleceng.2017.05.007

Cited by 7 publications

(4 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This was changed with [8] which showed that NTRU software implementation is vulnerable to correlation power analysis including a second-order power attack, and suggested three countermeasures (randomization of ciphertext, temporary array, and encoding of the private key). A few papers then studied the power analysis of NTRU [9,10], before NIST started its Post-Quantum Cryptography (PQC) standardization process where NTRU was submitted in two variants. Then, many researchers concentrated on the implementation and found many strong leakage points.…”

Section: Related Researchmentioning

confidence: 99%

Single-Trace Side-Channel Attacks on NTRU Implementation

Rabas,

Buček,

Lórencz

2024

SN COMPUT. SCI.

View full text Add to dashboard Cite

Most of the currently used cryptosystems are not secure in the presence of cryptographically relevant quantum computers. As the research in quantum technologies proceeds, a need for quantum-safe cryptography is imminent. NTRU is a post-quantum public-key cryptosystem based on lattices and was a finalist in the 3rd round of the post-quantum standardization process organized by the National Institute of Standards and Technology (NIST). This paper aims to study the implementation security of the cryptosystem with respect to an attacker with access to power leakage. Such a threat model is relevant especially, but not only, for embedded devices. We studied a countermeasure implementation of the NTRU decryption algorithm from An et al. (Appl Sci https://doi.org/10.3390/app8112014, 2018) that claimed its security against power attacks. This paper revisits an attack presented in as reported by Rabas (In: Proceedings of the 9th International Conference on Information Systems Security and Privacy, ICISSP 2023, Lisbon, 2023) that shows it is in fact vulnerable even in the case of just a single trace available to the enemy for extracting the key. We then describe a new profiling template attack on the implementation and show experimental results of the attack using the same datasets, resulting in a comparison of these two methods and further confirmation of the vulnerability of the algorithm even to generic profiling attacks. Several possible types of countermeasures are discussed.

show abstract

Section: Related Researchmentioning

confidence: 99%

Single-Trace Side-Channel Attacks on NTRU Implementation

Rabas,

Buček,

Lórencz

2024

SN COMPUT. SCI.

View full text Add to dashboard Cite

show abstract

“…By comparison, the proposed key update scheme in this work is a general solution scheme and all the keys are generated based on a primary key which is never visible outside of the TPM [41]. In [42], a shifter is used for producing randomness for the key rotation scheme. However, the shifting-based random number generator can only produce pseudo-random numbers.…”

Section: Security Analysismentioning

confidence: 99%

Key Update Countermeasure for Correlation-Based Side-Channel Attacks

et al. 2020

View full text Add to dashboard Cite

Side-channel analysis is a non-invasive form of attack that reveals the secret key of the cryptographic circuit by analyzing the leaked physical information. The traditional brute-force and cryptanalysis attacks target the weakness in the encryption algorithm, whereas side-channel attacks use statistical models such as differential analysis and correlation analysis on the leaked information gained from the cryptographic device during the run-time. As a non-invasive and passive attack, the side-channel attack brings a lot of difficulties for detection and defense. In this work, we propose a key update scheme as a countermeasure for power and electromagnetic analysis-based attacks on the cryptographic device. The proposed countermeasure utilizes a secure coprocessor to provide secure key generation and storage in a trusted environment. The experimental results show that the proposed key update scheme can mitigate side-channel attacks significantly.

show abstract

“…Researchers have also developed the sampling software on various platforms. For example, Inspector developed by Riscure and MathMagic [33], enables the leakage to be collected and stored on laptop computers and other advanced processors. CS can also be efficiently implemented on these platforms by integrating a small program to solve the inner product of observation matrix (see Section III-C) and power traces, thus improving sampling performance.…”

Section: B Our Contributionsmentioning

confidence: 99%