Paper 2024/036

Blink: Breaking Lattice-Based Schemes Implemented in Parallel with Chosen-Ciphertext Attack

Jian Wang, Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences
Weiqiong Cao, Institute of Software, Chinese Academy of Sciences
Hua Chen, Institute of Software, Chinese Academy of Sciences
Haoyuan Li, Zhongguancun Laboratory
Abstract

As the message recovery-based attack poses a serious threat to lattice-based schemes, we conducted a study on the side-channel secu- rity of parallel implementations of lattice-based key encapsulation mech- anisms. Initially, we developed a power model to describe the power leakage during message encoding. Utilizing this power model, we pro- pose a multi-ciphertext message recovery attack, which can retrieve the required messages for a chosen ciphertext attack through a suitable mes- sage recovery oracle. Building upon the successful message recovery, we further develop a key recovery method based on a ciphertext-choosing strategy that maximizes key recovery accuracy, as well as a lattice reduc- tion attack capable of solving the whole private key from the target LWE instance. To assess the effectiveness of the attack, we conducted experi- ments using Kyber768 implemented on a Xilinx FPGA board. The exper- imental results demonstrate that our attack could successfully recover the private key with 9600 power traces and a computational complexity of 100 bikz, which is a significant advantage over existing attacks. Notably, our attack remains effective despite countermeasures such as masking and shuffling being implemented. This study reveals that parallel im- plementations remain vulnerable to side-channel attacks, and highlights the necessity of additional analysis and countermeasures for lattice-based schemes implemented in parallel.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
PQCKyberParallel implementationFPGACCALattice reduction
Contact author(s)
wangjian2019 @ iscas ac cn
caoweiqiong @ iscas ac cn
chenhua @ iscas ac cn
lihy @ zgclab edu cn
History
2024-01-10: approved
2024-01-09: received
See all versions
Short URL
https://ia.cr/2024/036
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/036,
      author = {Jian Wang and Weiqiong Cao and Hua Chen and Haoyuan Li},
      title = {Blink: Breaking Lattice-Based Schemes Implemented in Parallel with Chosen-Ciphertext Attack},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/036},
      year = {2024},
      url = {https://eprint.iacr.org/2024/036}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.