Paper 2022/1499

Masked Key Wrapping and Mask Compression

Markku-Juhani O. Saarinen, PQShield Ltd.
Abstract

Side-channel secure implementations of public-key cryptography algorithms must be able to load and store their secret keys safely. We describe WrapQ, a masking-friendly key management technique and encoding format for Kyber and Dilithium Critical Security Parameters (CSPs). WrapQ protects secret key integrity and confidentiality with a Key-Encrypting Key (KEK) and allows the keys to be stored on an untrusted medium. Importantly, its encryption and decryption processes avoid temporarily collapsing the masked asymmetric secret keys (which are plaintext payloads from the viewpoint of the wrapping primitive) into an unmasked format. We demonstrate that a masked Kyber or Dilithium private key can be loaded any number of times from a compact WrapQ format without updating the encoding in non-volatile memory. We also consider the keys-in-RAM use case (without the write-back restriction) and introduce Mask Compression, a technique that leverages fast, unmasked deterministic samplers. Mask compression saves working memory while reducing the need for true randomness and is especially useful when higher-order masking is applied in lattice cryptography. The techniques have been implemented in a side-channel secure hardware module. Kyber and Dilithium wrapping and unwrapping functions were validated with 100K traces of TVLA-type leakage assessment.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
Side-Channel Security Masking Countermeasures Key Wrapping Post-Quantum Cryptography Kyber Dilithium
Contact author(s)
mjos @ pqshield com
History
2022-11-02: last of 2 revisions
2022-10-31: received
See all versions
Short URL
https://ia.cr/2022/1499
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1499,
      author = {Markku-Juhani O. Saarinen},
      title = {Masked Key Wrapping and Mask Compression},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1499},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1499}},
      url = {https://eprint.iacr.org/2022/1499}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.