Paper 2021/902
Breaking Masked and Shuffled CCA Secure Saber KEM by Power Analysis
Kalle Ngo, Elena Dubrova, and Thomas Johansson
Abstract
In this paper, we show that a software implementation of CCA secure Saber KEM protected by first-order masking and shuffling can be broken by deep learning-based power analysis. Using an ensemble of deep neural networks created at the profiling stage, we can recover the session key and the long-term secret key from $257 \times N$ and $24 \times 257 \times N$ traces, respectively, where $N$ is the number of repetitions of the same measurement. The value of $N$ depends on the implementation, environmental factors, acquisition noise, etc.; in our experiments $N = 10$ is enough to succeed. The neural networks are trained on a combination of 80% of traces from the profiling device with a known shuffling order and 20% of traces from the device under attack captured for all-0 and all-1 messages. ``Spicing'' the training set with traces from the device under attack helps minimize the negative effect of device variability.
Note: Section 8 is extended and improved.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- Public-key cryptographypost-quantum cryptographySaber KEMLWELWR-based KEMside-channel attackpower analysis
- Contact author(s)
- dubrova @ kth se
- History
- 2021-07-22: revised
- 2021-07-05: received
- See all versions
- Short URL
- https://ia.cr/2021/902
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/902,
author = {Kalle Ngo and Elena Dubrova and Thomas Johansson},
title = {Breaking Masked and Shuffled {CCA} Secure Saber {KEM} by Power Analysis},
howpublished = {Cryptology {ePrint} Archive, Paper 2021/902},
year = {2021},
url = {https://eprint.iacr.org/2021/902}
}
