This is version 20210618:072132 of this paper.

Paper 2021/477

Exploiting ROLLO's Constant-Time Implementations with a Single-Trace Analysis

Agathe Cheriere and Lina Mortajine and Tania Richmond and Nadia El Mrabet

Abstract

ROLLO was a candidate in the second round of the NIST Post-Quantum Cryptography standardization process. In its last update, in April 2020, it comprised a key encapsulation mechanism (ROLLO-I) and a public-key encryption scheme (ROLLO-II). In this paper, we propose an attack that recovers the syndrome during the decapsulation process of ROLLO-I. From this syndrome, we explain how to perform a private-key recovery. We target two constant-time implementations: the C reference implementation and a C implementation available on GitHub. By recording power measurements during the execution of the Gaussian elimination function, we are able to extract every element of the syndrome from a single trace. This attack can also be applied to the decryption process of ROLLO-II.
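The security point behind the abstract is that "constant-time" only removes timing and control-flow leakage; the values flowing through the arithmetic still modulate power consumption, and a single trace of a data-independent loop can expose the data it processes. The following toy model, added here to illustrate that principle, is not the paper's leakage model, trace format, or attack, and it says nothing about how ROLLO-I's implementations actually leak. It models a branch-free Gaussian elimination step over GF(2) (rows stored as integers, width assumed to be 8 bits, sample matrix constructed for the example) observed through a Hamming-weight power model, and shows that the trace of one elimination step reveals the pivot-column bit of every row even though the number and kind of operations executed never depend on the data.

```python
"""Toy model (added example, not code from the ROLLO paper or its implementations):
a branch-free GF(2) Gaussian elimination step observed through a Hamming-weight
leakage model. Timing and control flow are data-independent, yet a single
simulated trace recovers one bit of every row."""

from typing import Dict, List

N_COLS = 8  # assumed row width in bits for this toy matrix

# Constructed sample matrix: five rows of eight GF(2) coefficients each.
SAMPLE_ROWS: List[int] = [
    0b10110010,
    0b01101001,
    0b11000111,
    0b10011100,
    0b00110011,
]


def hw(x: int) -> int:
    """Hamming weight: the quantity a simple power model assumes is leaked."""
    return bin(x).count("1")


def ct_mask(bit: int) -> int:
    """All-ones mask if bit == 1, all-zeros if bit == 0, without branching."""
    return (-bit) & ((1 << N_COLS) - 1)


def first_pivot(rows: List[int], col: int) -> int:
    """Index of the first row with a 1 in column `col` (plain search; only the
    elimination loop below is the constant-time part under study)."""
    for i, r in enumerate(rows):
        if (r >> col) & 1:
            return i
    raise ValueError("no pivot in column %d" % col)


def ct_gauss_step(rows: List[int], pivot_idx: int, col: int, trace: List[int]) -> None:
    """Clear column `col` in every non-pivot row using a mask instead of a branch.

    Every row is touched with exactly one AND and one XOR, so execution time and
    control flow do not depend on the matrix. The Hamming weight of the masked
    intermediate `mask & pivot` is appended to `trace` as the modelled power
    sample for that row operation."""
    pivot = rows[pivot_idx]
    for i in range(len(rows)):
        if i == pivot_idx:
            continue
        bit = (rows[i] >> col) & 1
        masked = ct_mask(bit) & pivot  # intermediate value on the data path
        trace.append(hw(masked))       # leakage sample under the HW model
        rows[i] ^= masked


def recover_bits_from_trace(trace: List[int]) -> List[int]:
    """Attacker's view of one step: a sample of 0 means the mask was all-zero
    (row bit was 0); any nonzero sample means the pivot row was XORed in
    (row bit was 1). The pivot row is nonzero by construction, so the two
    cases never collide and no knowledge of the pivot value is needed."""
    return [1 if s > 0 else 0 for s in trace]


def demo(rows: List[int] = SAMPLE_ROWS, col: int = 0) -> Dict[str, object]:
    """Run one constant-time elimination step on a copy of `rows` and compare the
    bits recovered from the simulated trace with the true column bits."""
    rows = list(rows)
    p = first_pivot(rows, col)
    actual = [(r >> col) & 1 for i, r in enumerate(rows) if i != p]
    trace: List[int] = []
    ct_gauss_step(rows, p, col, trace)
    return {
        "pivot": p,
        "actual": actual,
        "trace": trace,
        "recovered": recover_bits_from_trace(trace),
        "rows_after": rows,
    }


if __name__ == "__main__":
    result = demo()
    print("pivot row      :", result["pivot"])
    print("true column bits:", result["actual"])
    print("HW trace        :", result["trace"])
    print("recovered bits  :", result["recovered"])
```

The trace has one sample per non-pivot row regardless of the data, which is exactly what a timing analysis would report as "constant-time"; the samples themselves, however, partition into zero and nonzero and hand the attacker the column bits directly. Real traces are noisy and the leakage function is device-specific, so practical attacks need profiling or statistical distinguishers, but the structural lesson holds: resisting power analysis requires hiding or masking the values themselves (Boolean masking, shuffling, randomised row order), not just the timing.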

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
ROLLO, side-channel attack, power consumption analysis, key-recovery attack, single-trace analysis, rank metric, LRPC codes
Contact author(s)
agathe cheriere @ irisa fr,lina mortajine @ emse fr,tania richmond nc @ gmail com
History
2022-10-24: last of 2 revisions
2021-04-15: received
Short URL
https://ia.cr/2021/477
License
Creative Commons Attribution
CC BY