Paper 2017/594

Single-Trace Side-Channel Attacks on Masked Lattice-Based Encryption

Robert Primas, Peter Pessl, and Stefan Mangard

Abstract

Although lattice-based cryptography has proven to be a particularly efficient approach to post-quantum cryptography, its security against side-channel attacks is still a very open topic. There already exist some first works that use masking to achieve DPA security. However, for public-key primitives SPA attacks that use just a single trace are also highly relevant. For lattice-based cryptography this implementation-security aspect is still unexplored. In this work, we present the first single-trace attack on lattice-based encryption. As only a single side-channel observation is needed for full key recovery, it can also be used to attack masked implementations. We use leakage coming from the Number Theoretic Transform, which is at the heart of almost all efficient lattice-based implementations. This means that our attack can be adapted to a large range of other lattice-based constructions and their respective implementations. Our attack consists of 3 main steps. First, we perform a template matching on all modular operations in the decryption process. Second, we efficiently combine all this side-channel information using belief propagation. And third, we perform a lattice-decoding to recover the private key. We show that the attack allows full key recovery not only in a generic noisy Hamming-weight setting, but also based on real traces measured on an ARM Cortex-M4F microcontroller.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
A minor revision of an IACR publication in CHES 2017
Keywords
Lattice-Based CryptographySide-Channel AnalysisSingle-Trace AttackNumber Theoretic Transform
Contact author(s)
rprimas @ gmail com
History
2017-08-23: revised
2017-06-21: received
See all versions
Short URL
https://ia.cr/2017/594
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/594,
      author = {Robert Primas and Peter Pessl and Stefan Mangard},
      title = {Single-Trace Side-Channel Attacks on Masked Lattice-Based Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2017/594},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/594}},
      url = {https://eprint.iacr.org/2017/594}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.