Cryptology ePrint Archive: Report 2021/902

Breaking Masked and Shuffled CCA Secure Saber KEM by Power Analysis

Kalle Ngo and Elena Dubrova and Thomas Johansson

Abstract: In this paper, we show that a software implementation of CCA secure Saber KEM protected by first-order masking and shuffling can be broken by deep learning-based power analysis. Using an ensemble of deep neural networks created at the profiling stage, we can recover the session key and the long-term secret key from $257 \times N$ and $24 \times 257 \times N$ traces, respectively, where $N$ is the number of repetitions of the same measurement. The value of $N$ depends on the implementation, environmental factors, acquisition noise, etc.; in our experiments $N = 10$ is enough to succeed. The neural networks are trained on a combination of 80% of traces from the profiling device with a known shuffling order and 20% of traces from the device under attack captured for all-0 and all-1 messages. ``Spicing'' the training set with traces from the device under attack helps minimize the negative effect of device variability.

Category / Keywords: public-key cryptography / Public-key cryptography, post-quantum cryptography, Saber KEM, LWE/LWR-based KEM, side-channel attack, power analysis

Date: received 1 Jul 2021, last revised 22 Jul 2021

Contact author: dubrova at kth se

Available format(s): PDF | BibTeX Citation

Note: Section 8 is extended and improved.

Version: 20210722:091545 (All versions of this report)

Short URL: ia.cr/2021/902


[ Cryptology ePrint archive ]