Paper 2023/1626
Et tu, Brute? SCA Assisted CCA using Valid Ciphertexts - A Case Study on HQC KEM
Abstract
HQC is a code-based key encapsulation mechanism (KEM) that was selected to move to the fourth round of the NIST post-quantum standardization process. While this scheme was previously targeted by side-channel assisted chosen-ciphertext attacks for key recovery, all these attacks have relied on malformed ciphertexts for key recovery. Thus, all these attacks can be easily prevented by deploying a detection based countermeasures for invalid ciphertexts, and refreshing the secret key upon detection of an invalid ciphertext. This prevents further exposure of the secret key to the attacker and thus serves as an attractive option for protection against prior attacks. Thus, in this work, we present a critical analysis of the detection based countermeasure, and present the first side-channel based chosen-ciphertext attack that attempts to utilize only valid ciphertexts for key recovery, thereby defeating the detection based countermeasure. We propose novel attacks exploiting leakage from the ExpandAndSum and FindPeaks operations within the Reed-Muller decoder for full key recovery with 100% success rate. We show that our attacks are quite robust to noise in the side-channel measurements, and we also present novel extensions of our attack to the shuffling countermeasure on both the ExpandAndSum and FindPeaks operation, which renders the shuffling countermeasure ineffective. Our work therefore shows that low-cost detection based countermeasures can be rendered ineffective, and cannot offer standalone protection against CC-based side-channel attacks. Thus, our work encourages more study towards development of new low-cost countermeasures against CC-based side-channel attacks.
Metadata
- Available format(s)
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- Code-based cryptographyElectromagnetic Side-Channel AttackHQCKey Encpasulation MechanismChosen Ciphertext Attack
- Contact author(s)
-
thalespaiva @ gmail com
prasanna ravi @ ntu edu sg
djap @ ntu edu sg
sbhasin @ ntu edu sg
sayan005 @ e ntu edu sg
anupam @ ntu edu sg - History
- 2024-11-06: last of 2 revisions
- 2023-10-19: received
- See all versions
- Short URL
- https://ia.cr/2023/1626
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1626, author = {Thales Paiva and Prasanna Ravi and Dirmanto Jap and Shivam Bhasin and Sayan Das and Anupam Chattopadhyay}, title = {Et tu, Brute? {SCA} Assisted {CCA} using Valid Ciphertexts - A Case Study on {HQC} {KEM}}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/1626}, year = {2023}, url = {https://eprint.iacr.org/2023/1626} }