Cryptology ePrint Archive: Report 2022/364

Single-trace clustering power analysis of the point-swapping procedure in the three point ladder of Cortex-M4 SIKE

Aymeric Genêt and Novak Kaluđerović

Abstract: In this paper, the recommended implementation of the post-quantum key exchange SIKE for Cortex-M4 is attacked through power analysis with a single trace by clustering with the $k$-means algorithm the power samples of all the invocations of the elliptic curve point swapping function in the constant-time coordinate-randomized three point ladder. Because each sample depends on whether two consecutive bits of the private key are the same or not, a successful clustering (with $k=2$) leads to the recovery of the entire private key. The attack is naturally improved with better strategies, such as clustering the samples in the frequency domain or processing the traces with a wavelet transform, using a simpler clustering algorithm based on thresholding, and using metrics to prioritize certain keys for key validation. The attack and the proposed improvements were experimentally verified using the ChipWhisperer framework. Splitting the swapping mask into multiple shares is suggested as an effective countermeasure.

Category / Keywords: public-key cryptography / SIKE, side-channel analysis, power analysis, k-means clustering, single-trace attack, post-quantum key exchange, isogeny-based cryptography, ARM Cortex-M4

Original Publication (in the same form): COSADE 2022

Date: received 17 Mar 2022

Contact author: aymeric genet at epfl ch, novak kaluderovic at epfl ch

Available format(s): PDF | BibTeX Citation

Version: 20220318:094843 (All versions of this report)

Short URL: ia.cr/2022/364


[ Cryptology ePrint archive ]