A practical key-recovery attack on LWE-based key- encapsulation mechanism schemes using Rowhammer

Puja Mondal; Suparna Kundu; Sarani Bhattacharya; Angshuman Karmakar; Ingrid Verbauwhede

Paper 2023/1731

A practical key-recovery attack on LWE-based key- encapsulation mechanism schemes using Rowhammer

Puja Mondal

, Indian Institute of Technology Kanpur

Suparna Kundu

, KU Leuven, Belgium

Sarani Bhattacharya

, Indian Institute of Technology Kharagpur

Angshuman Karmakar

, Indian Institute of Technology Kanpur

Ingrid Verbauwhede

, KU Leuven, Belgium

Abstract

Physical attacks are serious threats to cryptosystems deployed in the real world. In this work, we propose a microarchitectural end-to-end attack methodology on generic lattice-based post-quantum key encapsulation mechanisms to recover the long-term secret key. Our attack targets a critical component of a Fujisaki-Okamoto transform that is used in the construction of almost all lattice-based key encapsulation mechanisms. We demonstrate our attack model on practical schemes such as Kyber and Saber by using Rowhammer. We show that our attack is highly practical and imposes little preconditions on the attacker to succeed. As an additional contribution, we propose an improved version of the plaintext checking oracle, which is used by almost all physical attack strategies on lattice-based key-encapsulation mechanisms. Our improvement reduces the number of queries to the plaintext checking oracle by as much as 39% for Saber and approximately 23% for Kyber768. This can be of independent interest and can also be used to reduce the complexity of other attacks.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Published elsewhere. Minor revision. ACNS 2024
Keywords: Post-quantum cryptography Key-encapsulation mechanism micro-architecture attacks Rowhammer Saber Kyber
Contact author(s): pujamondal22 @ iitk ac in
suparna kundu @ esat kuleuven be
sarani @ cse iitkgp ac in
angshuman @ cse iitk ac in
ingrid verbauwhede @ esat kuleuven be
History: 2023-11-13: approved; 2023-11-08: received; See all versions
Short URL: https://ia.cr/2023/1731
License: CC BY

BibTeX

@misc{cryptoeprint:2023/1731,
      author = {Puja Mondal and Suparna Kundu and Sarani Bhattacharya and Angshuman Karmakar and Ingrid Verbauwhede},
      title = {A practical key-recovery attack on LWE-based key- encapsulation mechanism schemes using Rowhammer},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1731},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1731}},
      url = {https://eprint.iacr.org/2023/1731}
}