Cryptology ePrint Archive: Report 2020/1559
On Exploiting Message Leakage in (few) NIST PQC Candidates for Practical Message Recovery and Key Recovery Attacks
Prasanna Ravi and Shivam Bhasin and Sujoy Sinha Roy and Anupam Chattopadhyay
Abstract: With the NIST Post-Quantum Cryptography competition in its final round, the importance of implementation security is highlighted in the latest call. In this regard, we report practical side-channel assisted message recovery attacks on embedded implementations of several post-quantum public key encryption (PKE) and key encapsulation mechanism (KEM) schemes based on the Learning With Errors (LWE) and Learning With Rounding (LWR) problems, which include three finalists and three semi-finalist candidates of the NIST standardization process. The proposed attacks target the storage of the decrypted message in memory, a basic operation found in all libraries and typically unavoidable in any embedded implementation. We also identify interesting ciphertext malleability properties of LWE/LWR-based PKEs and exploit them to generalise the proposed attack to different implementation choices as well as to implementations protected with side-channel countermeasures such as shuffling and masking. All proposed attacks are validated on an ARM Cortex-M4 microcontroller, targeting optimized open-source implementations of PQC schemes using electromagnetic side-channel measurements.
Category / Keywords: public-key cryptography / Lattice-based cryptography, Side-Channel Attacks, Ciphertext Malleability, Kyber, Saber, Shuffling, Masking
Date: received 14 Dec 2020, last revised 21 Dec 2020
Contact author: PRASANNA RAVI at ntu edu sg
Version: 20201221:090702
Short URL: ia.cr/2020/1559