Abstract

In this work, we demonstrate generic and practical EM side-channel assisted chosen ciphertext attacks on multiple LWE/LWR-based Public Key Encryption (PKE) schemes and Key Encapsulation Mechanisms (KEMs) that are secure in the chosen ciphertext model (IND-CCA security). We show that EM side-channel information can be efficiently used to instantiate a plaintext checking oracle, which provides binary information about the output of decryption, information that an IND-CCA secure PKE/KEM normally conceals from the attacker, thereby enabling our attacks. First, we identify EM side-channel vulnerabilities in the error correcting codes (ECC) used by some schemes, which allow us to distinguish ciphertexts based on the value/validity of the decrypted codewords. We also identify similar vulnerabilities in the Fujisaki-Okamoto transform, which leaks information about the decrypted message and therefore applies to schemes that do not use ECC. We then exploit these vulnerabilities to demonstrate practical attacks on six CCA-secure lattice-based PKE/KEMs competing in the second round of the NIST standardization process. We experimentally validate our attacks on implementations taken from the open-source pqm4 library running on the ARM Cortex-M4 microcontroller. Our attacks lead to complete key recovery in a matter of minutes on all the targeted schemes, demonstrating their effectiveness.
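The plaintext checking oracle described above, as an added worked example that is not code from the paper or from pqm4: a toy Regev/Kyber-style LWE PKE in Python, an oracle object that stands in for the EM side channel (it answers only whether a ciphertext decrypts to a guessed message, exactly the binary information the abstract says the leakage provides), and an attacker that submits malformed ciphertexts with u = e_i so that the decoded bit depends on a single secret coefficient s_i, then binary-searches the decoding threshold. The parameters (n = 8, q = 3329, η = 2), the single-bit scheme and all function names are assumptions chosen for illustration; the real targets use ring/module structure and multi-bit messages, and the paper realizes the oracle through ECC or FO-transform leakage rather than a simulated object.

```python
"""Toy chosen-ciphertext key recovery through a plaintext-checking oracle.

Added illustration only: a Regev/Kyber-style LWE PKE with assumed toy
parameters, not the paper's scheme, parameters or attack code.
"""
import random

Q = 3329                   # modulus (Kyber's q, used here only for familiarity)
N = 8                      # toy secret dimension (real schemes use 256 or more)
ETA = 2                    # secret and noise coefficients lie in [-ETA, ETA]
HALF_Q = Q // 2            # encoding of message bit 1
QUARTER_Q = (Q + 3) // 4   # ceil(q/4): smallest value that decodes to bit 1


def small(rng, n):
    """Small (secret/noise) vector with coefficients in [-ETA, ETA]."""
    return [rng.randint(-ETA, ETA) for _ in range(n)]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q


def keygen(rng):
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(N)]
    s, e = small(rng, N), small(rng, N)
    b = [(dot(row, s) + ei) % Q for row, ei in zip(A, e)]   # b = A*s + e
    return (A, b), s


def encrypt(pk, m, rng):
    """Encrypt one bit m: u = A^T r + e1, v = <b, r> + e2 + m*floor(q/2)."""
    A, b = pk
    r, e1 = small(rng, N), small(rng, N)
    e2 = rng.randint(-ETA, ETA)
    cols = list(zip(*A))
    u = [(dot(col, r) + x) % Q for col, x in zip(cols, e1)]
    v = (dot(b, r) + e2 + m * HALF_Q) % Q
    return u, v


def decode(t):
    """Bit 1 iff t in [0, q) is closer to q/2 than to 0, i.e. q/4 <= t < 3q/4."""
    return 1 if Q <= 4 * t < 3 * Q else 0


def decrypt(sk, ct):
    u, v = ct
    return decode((v - dot(u, sk)) % Q)


class PlaintextCheckingOracle:
    """Stands in for the EM side channel: the attacker never sees the
    decrypted message (the FO transform would reject these ciphertexts),
    only whether decryption produced the guessed message."""

    def __init__(self, sk):
        self._sk = sk
        self.queries = 0

    def check(self, ct, m_guess):
        self.queries += 1
        return decrypt(self._sk, ct) == m_guess


def recover_secret(oracle):
    """Recover every coefficient of s with a binary search on the oracle."""
    s_rec = []
    for i in range(N):
        u = [0] * N
        u[i] = 1          # malformed ciphertext: v - <u, s> = v - s_i
        # decode(v - s_i) == 1 exactly when v >= s_i + ceil(q/4), so the oracle
        # answer is monotone in v: find the smallest v that is accepted.
        lo, hi = QUARTER_Q - ETA, QUARTER_Q + ETA
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle.check((u, mid), 1):
                hi = mid
            else:
                lo = mid + 1
        s_rec.append(lo - QUARTER_Q)
    return s_rec


def run_attack(seed=1):
    """Key generation, a correctness sanity check, then the attack."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    assert all(decrypt(sk, encrypt(pk, m, rng)) == m for m in (0, 1))
    oracle = PlaintextCheckingOracle(sk)
    return sk, recover_secret(oracle), oracle.queries


if __name__ == "__main__":
    sk, recovered, queries = run_attack()
    print("secret   :", sk)
    print("recovered:", recovered)
    print("oracle queries:", queries, "(at most 3 per coefficient)")
```

Running the file prints the true and recovered secret and the number of oracle queries, at most ceil(log2(2η+1)) = 3 per coefficient for η = 2. The point to take from it is the cost model: once a side channel turns the hidden decryption result into a single bit per query, the number of chosen ciphertexts needed to recover the full secret is tiny, which is why the abstract reports key recovery in minutes.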

Highlights

  • NIST is currently conducting a global standardization process for post-quantum public-key cryptographic algorithms which are secure against attacks from quantum computers [NIS16]

  • We extend and generalize the idea of side-channels being used as efficient plaintext checking oracles by demonstrating practical EM-side channel assisted key recovery attacks applicable to six IND-CCA secure Learning With Errors (LWE)/Learning With Rounding (LWR) based Public Key Encryption (PKE)/Key Encapsulation Mechanisms (KEM)

  • We have shown that an attacker can efficiently utilize EM side-channel information from the execution of error correcting procedures to instantiate an efficient plaintext checking oracle, leading to chosen ciphertext attacks on the IND-CCA secure Round5 and LAC KEMs

Introduction

NIST is currently conducting a global standardization process for post-quantum public-key cryptographic algorithms which are secure against attacks from quantum computers [NIS16]. This process started in 2017 with 69 candidates in the first round, based on a variety of hard problems considered to be intractable for quantum computers. After intense scrutiny from the cryptographic community, 26 candidates (17 Public-key Encryption (PKE) and Key Encapsulation Mechanism (KEM) schemes and 9 Digital Signature (DS) schemes) were selected for the second round. While the main selection criteria for the first round were theoretical security and the uniqueness of the schemes, the second round will also consider implementation aspects such as performance on both hardware and software platforms, bandwidth, and resistance to side-channel attacks (SCA).
