Paper 2020/1559

On Exploiting Message Leakage in (few) NIST PQC Candidates for Practical Message Recovery and Key Recovery Attacks

Prasanna Ravi, Shivam Bhasin, Sujoy Sinha Roy, and Anupam Chattopadhyay

Abstract

With the NIST Post-Quantum Cryptography competition in its final round, the importance of implementation security is highlighted in the latest call. In this regard, we report practical side-channel assisted message recovery attacks over embedded implementations of several post-quantum public key encryption (PKE) and key encapsulation mechanism (KEM) schemes based on the Learning With Errors (LWE) and Learning With Rounding (LWR) problems, which include three finalist and three semi-finalist candidates of the NIST standardization process. The proposed attacks target the storage of the decrypted message in memory, a basic operation found in all libraries and typically unavoidable in any embedded implementation. We also identify interesting ciphertext malleability properties of LWE/LWR-based PKEs and exploit them to generalise the proposed attack to different implementation choices as well as to implementations protected with side-channel countermeasures such as shuffling and masking. All proposed attacks are validated on an ARM Cortex-M4 microcontroller, targeting optimized open-source implementations of PQC schemes using electromagnetic side-channel measurements.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Lattice-based cryptography, Side-Channel Attacks, Ciphertext Malleability, Kyber, Saber, Shuffling, Masking
Contact author(s)
PRASANNA RAVI @ ntu edu sg
History
2020-12-21: revised
2020-12-14: received
Short URL
https://ia.cr/2020/1559
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1559,
      author = {Prasanna Ravi and Shivam Bhasin and Sujoy Sinha Roy and Anupam Chattopadhyay},
      title = {On Exploiting Message Leakage in (few) {NIST} {PQC} Candidates for Practical Message Recovery and Key Recovery Attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1559},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1559}
}