Cryptology ePrint Archive: Report 2021/477

Side-Channel Attack on ROLLO Post-Quantum Cryptographic Scheme

Agathe Cheriere and Lina Mortajine and Tania Richmond and Nadia El Mrabet

Abstract: ROLLO is a candidate to the second round of NIST Post-Quantum Cryptography standardization process. In the last update in April 2020, there was a key encapsulation mechanism (ROLLO-I) and a public-key encryption scheme (ROLLO-II). In this paper, we propose an attack to recover the syndrome during the decapsulation process of ROLLO-I. From this syndrome, we explain how to perform a private key-recovery. We target two constant-time implementations: the C reference implementation and a C implementation available on GitHub. By getting power measurements during the execution of the Gaussian elimination function, we are able to extract on a single trace each element of the syndrome. This attack can also be applied to the decryption process of ROLLO-II.

Category / Keywords: public-key cryptography / ROLLO, side-channel attack, power consumption analysis, key-recovery attack, single-trace analysis, rank metric, LRPC codes

Date: received 14 Apr 2021

Contact author: agathe cheriere at irisa fr,lina mortajine@emse fr,tania richmond@inria fr

Available format(s): PDF | BibTeX Citation

Version: 20210415:092645 (All versions of this report)

Short URL: ia.cr/2021/477


[ Cryptology ePrint archive ]