Paper 2024/066

Exploiting the Central Reduction in Lattice-Based Cryptography

Tolun Tosun, Sabancı University
Amir Moradi, Ruhr University Bochum
Erkay Savas, Sabancı University
Abstract

This paper questions the side-channel security of the central reduction technique, which is widely adopted in efficient implementations of Lattice-Based Cryptography (LBC). We show that the central reduction leads to a vulnerability by creating a strong dependency between the power consumption and the sign of sensitive intermediate values. We exploit this dependency by introducing the novel absolute value prediction function, which can be employed in higher-order non-profiled multi-query Side-Channel Analysis (SCA) attacks. Our results reveal that, compared to classical reduction algorithms, employing the central reduction scheme leads to a two-orders-of-magnitude decrease in the number of SCA measurements required to extract the secrets of masked implementations. We particularly show that our approach is valid for the prime moduli employed by Kyber and Dilithium, the lattice-based post-quantum algorithms selected by NIST. We practically evaluate our approach by performing second-order non-profiled attacks against an open-source masked implementation of Kyber on an ARM Cortex-M4 microprocessor. In our experiments, we recovered the full secret key of this masked implementation with only 250 power traces, without any form of profiling or chosen ciphertexts.

Note: Second revision.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Kyber, Side-Channel Analysis, Correlation Power Analysis, Plantard, Montgomery, Arithmetic Masking, Centered Reduction
Contact author(s)
toluntosun @ sabanciuniv edu
amir moradi @ tu-darmstadt de
erkays @ sabanciuniv edu
History
2024-10-01: last of 4 revisions
2024-01-16: received
Short URL
https://ia.cr/2024/066
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/066,
      author = {Tolun Tosun and Amir Moradi and Erkay Savas},
      title = {Exploiting the Central Reduction in Lattice-Based Cryptography},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/066},
      year = {2024},
      url = {https://eprint.iacr.org/2024/066}
}