Paper 2023/1626

Et tu, Brute? SCA Assisted CCA using Valid Ciphertexts - A Case Study on HQC KEM

Thales Paiva, Fundep and CASNAV, Brazil
Prasanna Ravi, College of Computing and Data Science, Nanyang Technological University, Singapore
Dirmanto Jap, Temasek Labs@NTU, Singapore
Shivam Bhasin, Temasek Labs@NTU, Singapore
Sayan Das, College of Computing and Data Science, Nanyang Technological University, Singapore
Anupam Chattopadhyay, College of Computing and Data Science, Nanyang Technological University, Singapore
Abstract

HQC is a code-based key encapsulation mechanism (KEM) that was selected to move to the fourth round of the NIST post-quantum standardization process. While this scheme was previously targeted by side-channel assisted chosen-ciphertext attacks for key recovery, all these attacks have relied on malformed ciphertexts for key recovery. Thus, all these attacks can be easily prevented by deploying a detection based countermeasures for invalid ciphertexts, and refreshing the secret key upon detection of an invalid ciphertext. This prevents further exposure of the secret key to the attacker and thus serves as an attractive option for protection against prior attacks. Thus, in this work, we present a critical analysis of the detection based countermeasure, and present the first side-channel based chosen-ciphertext attack that attempts to utilize only valid ciphertexts for key recovery, thereby defeating the detection based countermeasure. We propose novel attacks exploiting leakage from the ExpandAndSum and FindPeaks operations within the Reed-Muller decoder for full key recovery with 100% success rate. We show that our attacks are quite robust to noise in the side-channel measurements, and we also present novel extensions of our attack to the shuffling countermeasure on both the ExpandAndSum and FindPeaks operation, which renders the shuffling countermeasure ineffective. Our work therefore shows that low-cost detection based countermeasures can be rendered ineffective, and cannot offer standalone protection against CC-based side-channel attacks. Thus, our work encourages more study towards development of new low-cost countermeasures against CC-based side-channel attacks.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Code-based cryptographyElectromagnetic Side-Channel AttackHQCKey Encpasulation MechanismChosen Ciphertext Attack
Contact author(s)
thalespaiva @ gmail com
prasanna ravi @ ntu edu sg
djap @ ntu edu sg
sbhasin @ ntu edu sg
sayan005 @ e ntu edu sg
anupam @ ntu edu sg
History
2024-11-06: last of 2 revisions
2023-10-19: received
See all versions
Short URL
https://ia.cr/2023/1626
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1626,
      author = {Thales Paiva and Prasanna Ravi and Dirmanto Jap and Shivam Bhasin and Sayan Das and Anupam Chattopadhyay},
      title = {Et tu, Brute? {SCA} Assisted {CCA} using Valid Ciphertexts - A Case Study on {HQC} {KEM}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1626},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1626}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.