A side-channel attack on a masked IND-CCA secure saber KEM implementation

Kalle Ngo; Elena Dubrova; Qian Guo; Thomas Johansson

doi:10.46586/tches.v2021.i4.676-707

A side-channel attack on a masked IND-CCA secure saber KEM implementation

Kalle Ngo, Elena Dubrova, Qian Guo, Thomas Johansson

KTH Royal Institute of Technology

Research output: Contribution to journal › Article › peer-review

Abstract

In this paper, we present a side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network created at the profiling stage. The proposed message recovery approach learns a higher-order model directly, without explicitly extracting random masks at each execution. This eliminates the need for a fully controllable profiling device which is required in previous attacks on masked implementations of LWE/LWR-based PKEs/KEMs. We also present a new secret key recovery approach based on maps from error-correcting codes that can compensate for some errors in the recovered message. In addition, we discovered a previously unknown leakage point in the primitive for masked logical shifting on arithmetic shares.

Original language	English
Pages (from-to)	676-707
Journal	IACR Transactions on Cryptographic Hardware and Embedded Systems
Volume	2021
Issue number	4
DOIs	https://doi.org/10.46586/tches.v2021.i4.676-707
Publication status	Published - 2021

Subject classification (UKÄ)

Computer Sciences

Free keywords

Deep learning
LWE/LWR-based KEM
Post-quantum cryptography
Power analysis
Public-key cryptography
Saber KEM
Side-channel attack

Access to Document

10.46586/tches.v2021.i4.676-707

Lightweight Cryptography for Autonomous Vehicles
Johansson, T. (Researcher) & Guo, Q. (Researcher)
2020/08/01 → 2023/12/31
Project: Research

Cite this

@article{3cc7371e3ef7415c864bd7f88212894b,

title = "A side-channel attack on a masked IND-CCA secure saber KEM implementation",

abstract = "In this paper, we present a side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network created at the profiling stage. The proposed message recovery approach learns a higher-order model directly, without explicitly extracting random masks at each execution. This eliminates the need for a fully controllable profiling device which is required in previous attacks on masked implementations of LWE/LWR-based PKEs/KEMs. We also present a new secret key recovery approach based on maps from error-correcting codes that can compensate for some errors in the recovered message. In addition, we discovered a previously unknown leakage point in the primitive for masked logical shifting on arithmetic shares.",

keywords = "Deep learning, LWE/LWR-based KEM, Post-quantum cryptography, Power analysis, Public-key cryptography, Saber KEM, Side-channel attack",

author = "Kalle Ngo and Elena Dubrova and Qian Guo and Thomas Johansson",

year = "2021",

doi = "10.46586/tches.v2021.i4.676-707",

language = "English",

volume = "2021",

pages = "676--707",

journal = "IACR Transactions on Cryptographic Hardware and Embedded Systems",

issn = "2569-2925",

publisher = "Ruhr-University of Bochum",

number = "4",

}

TY - JOUR

T1 - A side-channel attack on a masked IND-CCA secure saber KEM implementation

AU - Ngo, Kalle

AU - Dubrova, Elena

AU - Guo, Qian

AU - Johansson, Thomas

PY - 2021

Y1 - 2021

N2 - In this paper, we present a side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network created at the profiling stage. The proposed message recovery approach learns a higher-order model directly, without explicitly extracting random masks at each execution. This eliminates the need for a fully controllable profiling device which is required in previous attacks on masked implementations of LWE/LWR-based PKEs/KEMs. We also present a new secret key recovery approach based on maps from error-correcting codes that can compensate for some errors in the recovered message. In addition, we discovered a previously unknown leakage point in the primitive for masked logical shifting on arithmetic shares.

AB - In this paper, we present a side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network created at the profiling stage. The proposed message recovery approach learns a higher-order model directly, without explicitly extracting random masks at each execution. This eliminates the need for a fully controllable profiling device which is required in previous attacks on masked implementations of LWE/LWR-based PKEs/KEMs. We also present a new secret key recovery approach based on maps from error-correcting codes that can compensate for some errors in the recovered message. In addition, we discovered a previously unknown leakage point in the primitive for masked logical shifting on arithmetic shares.

KW - Deep learning

KW - LWE/LWR-based KEM

KW - Post-quantum cryptography

KW - Power analysis

KW - Public-key cryptography

KW - Saber KEM

KW - Side-channel attack

U2 - 10.46586/tches.v2021.i4.676-707

DO - 10.46586/tches.v2021.i4.676-707

M3 - Article

AN - SCOPUS:85118420523

SN - 2569-2925

VL - 2021

SP - 676

EP - 707

JO - IACR Transactions on Cryptographic Hardware and Embedded Systems

JF - IACR Transactions on Cryptographic Hardware and Embedded Systems

IS - 4

ER -

A side-channel attack on a masked IND-CCA secure saber KEM implementation

Abstract

Subject classification (UKÄ)

Free keywords

Access to Document

Fingerprint

Projects

Lightweight Cryptography for Autonomous Vehicles

Cite this