Paper 2024/036
Blink: Breaking Lattice-Based Schemes Implemented in Parallel with Chosen-Ciphertext Attack
Abstract
As the message recovery-based attack poses a serious threat to lattice-based schemes, we conducted a study on the side-channel security of parallel implementations of lattice-based key encapsulation mechanisms. Initially, we developed a power model to describe the power leakage during message encoding. Utilizing this power model, we propose a multi-ciphertext message recovery attack, which can retrieve the required messages for a chosen ciphertext attack through a suitable message recovery oracle. Building upon the successful message recovery, we further develop a key recovery method based on a ciphertext-choosing strategy that maximizes key recovery accuracy, as well as a lattice reduction attack capable of solving the whole private key from the target LWE instance. To assess the effectiveness of the attack, we conducted experiments using Kyber768 implemented on a Xilinx FPGA board. The experimental results demonstrate that our attack could successfully recover the private key with 9600 power traces and a computational complexity of 100 bikz, which is a significant advantage over existing attacks. Notably, our attack remains effective despite countermeasures such as masking and shuffling being implemented. This study reveals that parallel implementations remain vulnerable to side-channel attacks, and highlights the necessity of additional analysis and countermeasures for lattice-based schemes implemented in parallel.
Metadata
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- PQC, Kyber, Parallel implementation, FPGA, CCA, Lattice reduction
- Contact author(s)
- wangjian2019 @ iscas ac cn
- caoweiqiong @ iscas ac cn
- chenhua @ iscas ac cn
- lihy @ zgclab edu cn
- History
- 2024-01-10: approved
- 2024-01-09: received
- Short URL
- https://ia.cr/2024/036
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/036,
  author = {Jian Wang and Weiqiong Cao and Hua Chen and Haoyuan Li},
  title = {Blink: Breaking Lattice-Based Schemes Implemented in Parallel with Chosen-Ciphertext Attack},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/036},
  year = {2024},
  url = {https://eprint.iacr.org/2024/036}
}