Paper 2020/368

Defeating NewHope with a Single Trace

Dorian Amiet, Andreas Curiger, Lukas Leuenberger, and Paul Zbinden

Abstract

The key encapsulation mechanism NewHope allows two parties to agree on a secret key. The scheme includes a private and a public key: the public key is used to encipher a random shared secret, and the private key enables its holder to decipher the ciphertext. NewHope is a candidate in the NIST post-quantum project, whose aim is to standardize cryptographic systems that are secure against attacks from both quantum and classical computers. While NewHope relies on the theory of quantum-resistant lattice problems, practical implementations have shown vulnerabilities to side-channel attacks targeting the extraction of the private key. In this paper, we demonstrate a new attack on the shared secret. The target is the C reference implementation as submitted to the NIST contest, executed on a Cortex-M4 processor. Based on power measurements, the complete shared secret can be extracted from the data of a single trace. Further, we analyze the impact of different compiler directives. When the code is compiled with optimization turned off, the shared secret can be read directly from an oscilloscope display with the naked eye. When optimizations are enabled, the attack requires more sophisticated techniques, but it still works on single power traces.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. PQCrypto 2020
DOI
10.1007/978-3-030-44223-1_11
Contact author(s)
dorian amiet @ hsr ch
History
2020-04-02: received
Short URL
https://ia.cr/2020/368
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/368,
      author = {Dorian Amiet and Andreas Curiger and Lukas Leuenberger and Paul Zbinden},
      title = {Defeating {NewHope} with a Single Trace},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/368},
      year = {2020},
      doi = {10.1007/978-3-030-44223-1_11},
      url = {https://eprint.iacr.org/2020/368}
}