A Lattice Cipher  Template Attack Method Based on Recurrent Cryptography

YAN Yingjian; CHANG Yajing; ZHU Chunsheng; LIU Yanjiang

doi:10.11999/JEIT221164

Volume 45 Issue 12

Dec. 2023

Turn off MathJax

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2023 > 45(12): 4530-4538

YAN Yingjian, CHANG Yajing, ZHU Chunsheng, LIU Yanjiang. A Lattice Cipher Template Attack Method Based on Recurrent Cryptography[J]. Journal of Electronics & Information Technology, 2023, 45(12): 4530-4538. doi: 10.11999/JEIT221164

Citation:

YAN Yingjian, CHANG Yajing, ZHU Chunsheng, LIU Yanjiang. A Lattice Cipher Template Attack Method Based on Recurrent Cryptography[J]. Journal of Electronics & Information Technology, 2023, 45(12): 4530-4538. doi: 10.11999/JEIT221164

Citation:

PDF( 4613 KB)

A Lattice Cipher Template Attack Method Based on Recurrent Cryptography

doi: 10.11999/JEIT221164

PLA Information Engineering University, Zhengzhou 450001, China

Funds: The National Natural Science Foundation of China (61832018)

Received Date: 2022-09-06
Rev Recd Date: 2022-10-27

Available Online: 2022-11-05

Publish Date: 2023-12-26

Abstract

Abstract

The energy leakage in the decapsulation process of lattice-based cryptography is analyzed and a message recovery method targeting the message decoding with profiling and ciphertexts rotation is proposed in this paper. The templates are constructed using Hamming weight model as well as Normalized Inter-Class Variance (NICV) for the intermediate state of decoded bytes. The special ciphertexts are built by rotating the original ciphertexts. Combining the energy leakage generated during the calculations, the secret messages and shared keys are recovered. Experiments and tests are carried out with Saber and its variants on the ChipWhisperer-STM32F303 board and the results indicate that the proposed method can successfully recover the secret message and shared key of the encapsulation stage. It only needs 900 energy traces to complete the construction for templates and a total of 32 power traces in recovering the secret message. The success rate of message recovery reaches 66.7% under the condition of no increasing the Signal-to-Noise Ratio (SNR), and 98.43% under the condition of sufficient SNR.
- Lattice-based cryptography,
- Energy leakage,
- Template analysis,
- Ciphertexts rotation,
- Saber algorithm

FullText(HTML)

References(19)

References

[1]	李子臣, 谢婷, 张卷美. 基于RLWE问题的后量子口令认证密钥交换协议[J]. 电子学报, 2021, 49(2): 260–267. doi: 10.12263/DZXB.20190101 LI Zichen, XIE Ting, and ZHANG Juanmei. Post Quantum password-based authentication key exchange protocol based on ring learning with errors problem[J]. Acta Electronica Sinica, 2021, 49(2): 260–267. doi: 10.12263/DZXB.20190101
[2]	KOCHER P, JAFFE J, and JUN B. Differential power analysis[C]. 19th Advances in Cryptology-CRYPTO’ 99, Berlin, Germany: Springer, 1999. 388–397.
[3]	陈华, 习伟, 范丽敏, 等. 密码产品的侧信道分析与评估[J]. 电子与信息学报, 2020, 42(8): 1836–1845. doi: 10.11999/JEIT190853 CHEN Hua, XI Wei, FAN Limin, et al. Side channel analysis and evaluation on cryptographic products[J]. Journal of Electronics &Information Technology, 2020, 42(8): 1836–1845. doi: 10.11999/JEIT190853
[4]	PRIMAS R, PESSL P, and MANGARD S. Single-trace side-channel attacks on masked lattice-based encryption[C]. 19th Cryptographic Hardware and Embedded Systems – CHES 2017, Cham, Switzerland, 2017: 513–533.
[5]	PESSL P and PRIMAS R. More practical single-trace attacks on the number theoretic transform[C]. 6th Progress in Cryptology – LATINCRYPT 2019, Cham, Switzerland, 2019: 130–149.
[6]	RAVI P, ROY S S, CHATTOPADHYAY A, et al. Generic Side-channel Attacks on CCA-secure lattice-based PKE and KEMs[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020, 2020(3): 307–335. doi: 10.13154/tches.v2020.i3.307-335
[7]	AYDIN F, AYSU A, TIWARI M, et al. Horizontal side-channel vulnerabilities of post-quantum key exchange and encapsulation protocols[J]. ACM Transactions on Embedded Computing Systems, 2021, 20(6): 110. doi: 10.1145/3476799
[8]	XU Zhuang, PEMBERTON O, ROY S S, et al. Magnifying side-channel leakage of lattice-based cryptosystems with chosen ciphertexts: the case study of kyber[J]. IEEE Transactions on Computers, 2022, 71(9): 2163–2176. doi: 10.1109/TC.2021.3122997
[9]	RAVI P, BHASIN S, ROY S S, et al. Drop by Drop you break the rock - Exploiting generic vulnerabilities in Lattice-based PKE/KEMs using EM-based Physical Attacks[EB/OL]. IACR Cryptology ePrint Arch, 2020: 549.
[10]	AMIET D, CURIGER A, LEUENBERGER L, et al. Defeating NewHope with a single trace[C]. 11th Post-Quantum Cryptography - PQCrypto 2020, Cham, Switzerland, 2020: 189–205.
[11]	SIM B Y, KWON J, LEE J, et al. Single-trace attacks on message encoding in lattice-based KEMs[J]. IEEE Access, 2020, 8: 183175–183191. doi: 10.1109/ACCESS.2020.3029521
[12]	NGO K, DUBROVA E, GUO Qiao, et al. A side-channel attack on a masked IND-CCA secure saber KEM implementation[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021, 2021(4): 676–707. doi: 10.46586/tches.v2021.i4.676-707
[13]	NGO K, DUBROVA E, and JOHANSSON T. Breaking masked and shuffled CCA secure saber KEM by power analysis[C]. The 5th Workshop on Attacks and Solutions in Hardware Security, Virtual Event, Korea, 2021. 51–61.
[14]	D’ANVERS J. Saber algorithm specifications and supporting documentation[OL]. https://csrc.nist.gov/projects/postquantum-cryptography/round-3-submissions. 2020.
[15]	BANERJEE A, PEIKERT C, and ROSEN A. Pseudorandom functions and lattices[C]. 31st Advances in Cryptology – EUROCRYPT 2012, Berlin, Germany, 2012. 719–737.
[16]	GOODWILL G, JUN B, JAFFE J, et al. A testing methodology for side channel resistance validation[C]. NIST Non-Invasive Attack Testing Workshop, Gaithersburg, USA, 2011: 115–136.
[17]	WELCH B L. The generalization of ‘STUDENT'S’ problem when several different population varlances are involved[J]. Biometrika, 1947, 34(1/2): 28–35. doi: 10.1093/biomet/34.1-2.28
[18]	BHASIN S, DANGER J L, GUILLEY S, et al. NICV: Normalized inter-class variance for detection of side-channel leakage[C]. 2014 International Symposium on Electromagnetic Compatibility, Tokyo, Japan, 2014. 310–313.
[19]	KANNWISCHER M J, RIJNEVELD J, SCHWABE P, et al. PQM4: Post-quantum crypto library for the ARM Cortex-M4[EB/OL]. https://github.com/mupq/pqm4, 2020.