Paper 2020/1038
On Configurable SCA Countermeasures Against Single Trace Attacks for the NTT - A Performance Evaluation Study over Kyber and Dilithium on the ARM Cortex-M4
Prasanna Ravi, Romain Poussier, Shivam Bhasin, and Anupam Chattopadhyay
Abstract
The Number Theoretic Transform (NTT) is a critical sub-block used in several structured lattice-based schemes, including Kyber and Dilithium, which are finalist candidates in the NIST's standardization process for post-quantum cryptography. The NTT was shown to be susceptible to single trace side-channel attacks by Primas et al. in CHES 2017 and Pessl et al. in Latincrypt 2019 who demonstrated full key recovery from single traces on the ARM Cortex-M4 microcontroller. However, the cost of deploying suitable countermeasures to protect the NTT from these attacks on the same target platform has not yet been studied. In this work, we propose novel shuffling and masking countermeasures to protect the NTT from such single trace attacks. Firstly, we exploit arithmetic properties of twiddle constants used within the NTT computation to propose efficient and generic masking strategies for the NTT with configurable SCA resistance. Secondly, we also propose new variants of the shuffling countermeasure with varying granularity for the NTT. We perform a detailed comparative evaluation of the runtime performances for our proposed countermeasures within open source implementations of Kyber and Dilithium from the pqm4 library on the ARM Cortex-M4 microcontroller. Our proposed countermeasures yield a reasonable overhead in the range of 7%-78% across all procedures of Kyber, while the overheads are much more pronounced for Dilithium, ranging from 12%-197% for the key generation procedure and 32%-490% for the signing procedure.
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Preprint. MINOR revision.
- Keywords
- Lattice-based cryptographySide-Channel AttacksKyberDilithiumShufflingMaskingNumber Theoretic Transform
- Contact author(s)
- PRASANNA RAVI @ ntu edu sg
- History
- 2020-12-21: last of 2 revisions
- 2020-08-28: received
- See all versions
- Short URL
- https://ia.cr/2020/1038
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2020/1038, author = {Prasanna Ravi and Romain Poussier and Shivam Bhasin and Anupam Chattopadhyay}, title = {On Configurable {SCA} Countermeasures Against Single Trace Attacks for the {NTT} - A Performance Evaluation Study over Kyber and Dilithium on the {ARM} Cortex-M4}, howpublished = {Cryptology {ePrint} Archive, Paper 2020/1038}, year = {2020}, url = {https://eprint.iacr.org/2020/1038} }