nach oben

Erschienen in:

2024 | OriginalPaper | Buchkapitel

A Shared Key Recovery Attack on a Masked Implementation of CRYSTALS-Kyber’s Encapsulation Algorithm

verfasst von : Ruize Wang, Elena Dubrova

Erschienen in: Foundations and Practice of Security

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In July 2022, NIST selected CRYSTALS-Kyber as a new post-quantum secure public key encryption and key encapsulation mechanism to be standardized. To safeguard its shared and secret keys from side-channel attacks (SCA), countermeasures such as masking and shuffling are applied. However, the existing SCA-protected implementations of CRYSTALS-Kyber protect the decapsulation algorithm only. The encapsulation algorithm is not covered because single-trace shared key recovery attacks on encapsulation are not considered feasible. Since the same shared key is never encapsulated more than once, the attacker gets only a single trace per shared key from the execution of the encapsulation algorithm. In this paper, we demonstrate a practical single-trace shared key recovery attack on a first-order masked implementation of the encapsulation algorithm of Kyber-768 in ARM Cortex-M4 based on deep learning-assisted power analysis. Our main contribution is a new aggregation method for ensemble learning that enables enumeration during shared key recovery. Our experimental results show that a full shared key can be recovered with a 91% probability on average from a single trace captured from a different from profiling device.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Design of an Efficient Distributed Delivery Service for Group Key Agreement Protocols

Nächstes Kapitel Tight Differential Privacy Guarantees for the Shuffle Model with k-Randomized Response

Amiet, D., Curiger, A., Leuenberger, L., Zbinden, P.: Defeating NewHope with a single trace. In: Ding, J., Tillich, J.-P. (eds.) PQCrypto 2020. LNCS, vol. 12100, pp. 189–205. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-44223-1_11CrossRef

Avanzi, R., et al.: CRYSTALS-Kyber algorithm specifications and supporting documentation (2021). https://pq-crystals.org/kyber/data/kyber-specification-round3-20210131.pdf

Backlund, L., Ngo, K., Gartner, J., Dubrova, E.: Secret key recovery attacks on masked and shuffled implementations of CRYSTALS-Kyber and Saber. Cryptology ePrint Archive, Paper 2022/1692 (2022). https://eprint.iacr.org/2022/1692

Bos, J., et al.: CRYSTALS-Kyber: a CCA-secure module-lattice-based KEM. In: 2018 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 353–367. IEEE (2018)

Bronchain, O., Cassiers, G.: Bitslicing arithmetic/Boolean masking conversions for fun and profit: with application to lattice-based KEMs. IACR Trans. Crypto. Hardware Embedded Syst. 553–588 (2022)

Dubrova, E., Ngo, K., Gärtner, J., Wang, R.: Breaking a fifth-order masked implementation of CRYSTALS-Kyber by copy-paste. In: Proceedings of the 10th ACM Asia Public-Key Cryptography Workshop, pp. 10–20 (2023)

Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_34CrossRef

Hamburg, M., et al.: Chosen ciphertext k-trace attacks on masked CCA2 secure Kyber. IACR Trans. Crypto. Hardware Embedded Systems, 88–113 (2021)

Heinz, D., Kannwischer, M.J., Land, G., Pöppelmann, T., Schwabe, P., Sprenkels, D.: First-order masked Kyber on ARM Cortex-M4. Cryptology ePrint Archive, Paper 2022/058 (2022). https://eprint.iacr.org/2022/058

10.

Maghrebi, H., Servant, V., Bringer, J.: There is wisdom in harnessing the strengths of your enemy: Customized encoding to thwart side-channel attacks. In: Fast Software Encryption, pp. 223–243 (2016)

11.

von Neumann, J.: Probabilistic logics and the synthesis of reliable organisms from unreliable components. Automata Studies, pp. 43–98 (1956)

12.

Ngo, K., Dubrova, E., Guo, Q., Johansson, T.: A side-channel attack on a masked IND-CCA secure Saber KEM implementation. IACR Trans. Crypto. Hardware Embedded Syst. 676–707 (2021)

13.

Pacuit, E.: Voting methods. Stanford Encyclopedia of Philosophy (2019)

14.

PARHAMI, B.: Threshold voting is fundamentally simpler than plurality voting. Inter. J. Reliab. Quality Saf. Eng. 1(01), 95–102 (1994)

15.

Perin, G., Chmielewski, Ł., Picek, S.: Strength in numbers: improving generalization with ensembles in machine learning-based profiled side-channel analysis. IACR Trans. Crypt. Hardware Embedded Syst., 337–364 (2020)

16.

Pessl, P., Primas, R.: More practical single-trace attacks on the number theoretic transform. In: Schwabe, P., Thériault, N. (eds.) Progress in Cryptology - LATINCRYPT 2019, pp. 130–149. Springer International Publishing, Cham (2019). https://doi.org/10.1007/978-3-030-30530-7_7CrossRef

17.

Polikar, R.: Ensemble learning. Ensemble machine learning: methods and applications, pp. 1–34 (2012)

18.

Primas, R., Pessl, P., Mangard, S.: Single-trace side-channel attacks on masked lattice-based encryption. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 513–533. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_25CrossRef

19.

Ravi, P., Bhasin, S., Roy, S.S., Chattopadhyay, A.: On exploiting message leakage in (few) NIST PQC candidates for practical message recovery attacks. IEEE Trans. Inform. Forensics Sec. (2021)

20.

Sim, B.Y., et al.: Single-trace attacks on message encoding in lattice-based KEMs. IEEE Access 8, 183175–183191 (2020)CrossRef

21.

Wang, H., Dubrova, E.: Tandem deep learning side-channel attack against FPGA implementation of AES. In: 2020 IEEE International Symposium on Smart Electronic Systems (iSES) (Formerly iNiS), pp. 147–150 (2020). https://doi.org/10.1109/iSES50453.2020.00041

22.

Wang, J., Cao, W., Chen, H., Li, H.: Practical side-channel attack on message encoding in masked Kyber. In: 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 882–889. IEEE (2022)

23.

Wang, R., Brisfors, M., Dubrova, E.: A side-channel attack on a bitsliced higher-order masked CRYSTALS-Kyber implementation. Cryptology ePrint Archive (2023)

24.

Wang, R., Dubrova, E.: A side-channel secret key recovery attack on CRYSTALS-Kyber using k chosen ciphertexts. In: International Conference on Codes, Cryptology, and Information Security, pp. 109–128. Springer (2023)

25.

Xu, Z., Pemberton, O.M., Roy, S.S., Oswald, D., Yao, W., Zheng, Z.: Magnifying side-channel leakage of lattice-based cryptosystems with chosen ciphertexts: The case study of Kyber. IEEE Transactions on Computers (2021)

26.

Zaid, G., Bossuet, L., Habrard, A., Venelli, A.: Efficiency through diversity in ensemble models applied to side-channel attacks:–a case study on public-key algorithms–. IACR Trans. Cryptographic Hardware Embedded Syst., 60–96 (2021)

Titel: A Shared Key Recovery Attack on a Masked Implementation of CRYSTALS-Kyber’s Encapsulation Algorithm
verfasst von: Ruize Wang
Elena Dubrova
Verlag: Springer Nature Switzerland
Buch: Foundations and Practice of Security
Print ISBN: 978-3-031-57536-5

Electronic ISBN: 978-3-031-57537-2

Copyright-Jahr: 2024
DOI: https://doi.org/10.1007/978-3-031-57537-2_26

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner