Paper 2024/066
Exploiting the Central Reduction in Lattice-Based Cryptography
Abstract
This paper questions the side-channel security of central reduction technique, which is widely adapted in efficient implementations of Lattice-Based Cryptography (LBC). We show that the central reduction leads to a vulnerability by creating a strong dependency between the power consumption and the sign of sensitive intermediate values. We exploit this dependency by introducing the novel absolute value prediction function, which can be employed in higher-order non-profiled multi-query Side-Channel Analysis (SCA) attacks. Our results reveal that – compared to classical reduction algorithms – employing the central reduction scheme leads to a two-orders-of-magnitude decrease in the number of required SCA measurements to exploit secrets of masked implementations. We particularly show that our approach is valid for the prime moduli employed by Kyber and Dilithium, the lattice-based post-quantum algorithms selected by NIST. We practically evaluate our introduced approach by performing second-order non-profiled attacks against an open-source masked implementation of Kyber on an ARM Cortex-M4 micro-processor. In our experiments, we revealed the full secret key of the aforementioned masked implementation with only 250 power traces without any forms of profiling or choosing the ciphertexts.
Note: Second revision.
Metadata
- Available format(s)
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- KyberSide-Channel AnalysisCorrelation Power AnalysisPlantardMontgomeryArithmetic MaskingCentered Reduction
- Contact author(s)
-
toluntosun @ sabanciuniv edu
amir moradi @ tu-darmstadt de
erkays @ sabanciuniv edu - History
- 2024-10-01: last of 4 revisions
- 2024-01-16: received
- See all versions
- Short URL
- https://ia.cr/2024/066
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/066, author = {Tolun Tosun and Amir Moradi and Erkay Savas}, title = {Exploiting the Central Reduction in Lattice-Based Cryptography}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/066}, year = {2024}, url = {https://eprint.iacr.org/2024/066} }