Paper 2022/364
Single-trace clustering power analysis of the point-swapping procedure in the three point ladder of Cortex-M4 SIKE
Aymeric Genêt and Novak Kaluđerović
Abstract
In this paper, the recommended implementation of the post-quantum key exchange SIKE for Cortex-M4 is attacked through power analysis with a single trace by clustering with the $k$-means algorithm the power samples of all the invocations of the elliptic curve point swapping function in the constant-time coordinate-randomized three point ladder. Because each sample depends on whether two consecutive bits of the private key are the same or not, a successful clustering (with $k=2$) leads to the recovery of the entire private key. The attack is naturally improved with better strategies, such as clustering the samples in the frequency domain or processing the traces with a wavelet transform, using a simpler clustering algorithm based on thresholding, and using metrics to prioritize certain keys for key validation. The attack and the proposed improvements were experimentally verified using the ChipWhisperer framework. Splitting the swapping mask into multiple shares is suggested as an effective countermeasure.
Metadata
- Available format(s)
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. COSADE 2022
- Keywords
- SIKEside-channel analysispower analysisk-means clusteringsingle-trace attackpost-quantum key exchangeisogeny-based cryptographyARM Cortex-M4
- Contact author(s)
-
aymeric genet @ epfl ch
novak kaluderovic @ epfl ch - History
- 2022-03-18: received
- Short URL
- https://ia.cr/2022/364
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/364, author = {Aymeric Genêt and Novak Kaluđerović}, title = {Single-trace clustering power analysis of the point-swapping procedure in the three point ladder of Cortex-M4 {SIKE}}, howpublished = {Cryptology {ePrint} Archive, Paper 2022/364}, year = {2022}, url = {https://eprint.iacr.org/2022/364} }