Paper 2025/721
Efficient Key Recovery via Correlation Power Analysis on Scloud⁺
Hangyu Bai, University of Science and Technology of China
Fan Huang, University of Science and Technology of China
Xiaolin Duan, University of Science and Technology of China
Honggang Hu, University of Science and Technology of China
Abstract
Scloud⁺ is a next-generation post-quantum key encapsulation mechanism that combines unstructured-LWE and a ternary key encoding technique to achieve efficient lattice cryptographic operations while eliminating traditional ring structure constraints. Despite its rigorously formalized theoretical security, its practical deployment faces side-channel threats, notably Correlation Power Analysis (CPA) attacks. This paper systematically investigates the physical security of its core ciphertext-key matrix multiplication module by proposing a CPA framework that integrates instruction-level timing analysis. A SoST (Sum of Squared T-values) model, inspired by multi-group Welch's t-test, is used to analyze the Hamming weight leakage during ciphertext loading. At the same time, dynamic sampling windows, combined with processor pipeline modeling, are employed to pinpoint critical leakage intervals. Exploiting the characteristics of ternary keys, an iterative recovery strategy is devised: following a predefined scan order, the candidate set and partial intermediate sums are used to construct a Hamming weight model for hypothesized leakage vectors. Pearson correlation analysis and trace-count stabilization are applied within each dynamic sampling window to determine the optimal estimate for each key element. Experiments targeting 4800 key elements, illustrated through a detailed analysis of the first 32 elements, demonstrate high recovery accuracy with no more than 15 traces per element, indicating high efficiency and stability that can extend to the full key reconstruction. To thwart such CPA attacks, we have further designed and implemented a first-order arithmetic masking countermeasure that splits the original ternary secret key into two subkeys, thereby expanding the attacker's key hypothesis space and significantly enhancing side-channel resilience.
Our results demonstrate that Scloud⁺ remains vulnerable to side-channel exploits at the implementation level, highlighting the urgent need to integrate appropriate protections into its standardization process.
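To make the countermeasure concrete, the following Python sketch is an added example, not the authors' code: it shows the unmasked accumulator of one ciphertext-key dot product (the intermediate whose Hamming weight the attack models) next to the first-order arithmetic split of the ternary key into two shares. The modulus, register width, vector length and ciphertext words are assumed toy values, not Scloud⁺ parameters.

```python
import random

Q = 1 << 16   # assumed toy modulus; not Scloud+'s real parameter set
W = 16        # assumed register width for the Hamming-weight leakage model

def hw(x: int) -> int:
    """Hamming weight of a W-bit register value, the leakage model used in the paper."""
    return bin(x % (1 << W)).count("1")

def dot_partial_sums(c, s):
    """Unmasked ciphertext-key dot product (one row of the matrix multiplication).
    Returns every intermediate accumulator, i.e. the key-dependent values whose
    Hamming weight a CPA attacker correlates against power traces."""
    acc, partials = 0, []
    for ci, si in zip(c, s):
        acc = (acc + ci * si) % Q
        partials.append(acc)
    return partials

def leakage_profile(partials):
    """Hypothesised leakage vector: one HW value per accumulator update."""
    return [hw(p) for p in partials]

def split_ternary_key(s, seed):
    """First-order arithmetic masking: s = s1 + s2 (mod Q) with s1 uniform in Z_Q,
    so each share on its own is independent of the ternary secret."""
    rng = random.Random(seed)          # seeded only so the demo is reproducible
    s1 = [rng.randrange(Q) for _ in s]
    s2 = [(si - a) % Q for si, a in zip(s, s1)]
    return s1, s2

def masked_dot_partial_sums(c, s1, s2):
    """Accumulate each share separately; no single intermediate depends on s alone."""
    return dot_partial_sums(c, s1), dot_partial_sums(c, s2)

def recombine(p1, p2):
    """Combine the two share accumulators once, at the very end."""
    return (p1[-1] + p2[-1]) % Q

if __name__ == "__main__":
    # Constructed toy inputs: 8 ciphertext words and two ternary keys differing
    # only at index 3 (the paper's real keys have 4800 elements).
    c = [3, 70, 513, 9000, 42, 65535, 257, 1024]
    s_a = [1, -1, 0, 1, 0, -1, 1, 0]
    s_b = [1, -1, 0, -1, 0, -1, 1, 0]
    print("unmasked HW profile, key a:", leakage_profile(dot_partial_sums(c, s_a)))
    print("unmasked HW profile, key b:", leakage_profile(dot_partial_sums(c, s_b)))
    for seed in (1, 2):   # fresh masks each run: share profiles change, result does not
        s1, s2 = split_ternary_key(s_a, seed)
        p1, p2 = masked_dot_partial_sums(c, s1, s2)
        print(f"mask seed {seed}: share HW", leakage_profile(p1), leakage_profile(p2),
              "recombined", recombine(p1, p2))
```

The unmasked profiles diverge from the index where the two keys differ, which is what the per-element iterative recovery exploits; with masking, the two share profiles are randomised per execution and only their combination (a second-order quantity) still relates to the key.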