Abstract
In this article, we propose single-trace side-channel attacks against lattice-based key encapsulation mechanisms (KEMs) that are third-round candidates of the National Institute of Standards and Technology (NIST) standardization project. Specifically, we analyze the message encoding operation in the encapsulation phase of lattice-based KEMs to obtain an ephemeral session key. We conclude that a single-trace leakage implies a whole-key recovery: the experimental results realized on a ChipWhisperer UFO STM32F3 target board achieve a success rate of 100% for $\mathsf {CRYSTALS-KYBER}$ and $\mathsf {SABER}$ regardless of the optimization level, and greater than 79% for $\mathsf {FrodoKEM}$. We further demonstrate that the proposed attack methodologies are not restricted to the above algorithms but are widely applicable to other NIST post-quantum cryptography (PQC) candidates, including $\mathsf {NTRU Prime}$ and $\mathsf {NTRU}$.
Highlights
The key encapsulation mechanism (KEM) is a public-key cryptosystem aimed at establishing key sharing between two parties
1) Novel single-trace attacks on CRYSTALS-KYBER, SABER, and FrodoKEM: we introduce single-trace attacks on the message encoding operation in the encapsulation phase.
2) We demonstrate that the proposed attacks on CRYSTALS-KYBER and SABER can recover an entire secret message with a success rate of 100% using only a single trace, regardless of the optimization level.
Summary
The key encapsulation mechanism (KEM) is a public-key cryptosystem aimed at establishing key sharing between two parties. Ravi et al. [41], [42] proposed chosen-ciphertext attacks (CCAs) on Round, LAC, CRYSTALS-KYBER, NewHope, SABER, and FrodoKEM. They targeted error-correcting codes and message decoding operations in the decapsulation phase to extract secret keys. These schemes use encoders that send message bits to the most significant bits of the modulo-$q$ space in order to obtain cryptographically negligible decryption failure rates.
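As an added illustration (not code from the paper or from any of the analyzed implementations), the following C program shows the encode/decode pair the summary refers to, using CRYSTALS-KYBER's $q = 3329$ and a 256-bit message as assumed parameters. The encoder maps each message bit to $0$ or $\lceil q/2 \rceil$ (the most significant bit of the modulo-$q$ space) and is written in the arithmetic-mask style of reference implementations; this is the encapsulation-phase operation whose leakage the article analyzes. The decoder rounds each coefficient back to a bit, and `demo_errors` adds a uniform error term to every coefficient to show why this placement tolerates decryption noise of magnitude up to roughly $q/4$ before a bit flips:

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed parameters: CRYSTALS-KYBER's q = 3329 and a 256-coefficient
 * polynomial carrying one 32-byte message. */
#define Q 3329
#define N 256
#define MSG_BYTES 32
#define HALF_Q ((Q + 1) / 2)   /* ceil(q/2) = 1665: the "MSB of the mod-q space" */

/* Message encoding in the encapsulation phase: bit 1 -> ceil(q/2), bit 0 -> 0.
 * Written with an arithmetic mask, as reference implementations do; this is the
 * operation the article reports as recoverable from a single power trace. */
void encode_msg(const uint8_t msg[MSG_BYTES], int16_t poly[N]) {
    for (size_t i = 0; i < MSG_BYTES; i++) {
        for (int j = 0; j < 8; j++) {
            int16_t mask = -(int16_t)((msg[i] >> j) & 1);  /* 0x0000 or 0xFFFF */
            poly[8 * i + j] = mask & HALF_Q;
        }
    }
}

/* Message decoding: a coefficient closer to q/2 than to 0 (mod q) decodes to 1.
 * Computes round(2c/q) mod 2; coefficients must already lie in [0, q). */
void decode_msg(const int16_t poly[N], uint8_t msg[MSG_BYTES]) {
    for (size_t i = 0; i < MSG_BYTES; i++) {
        msg[i] = 0;
        for (int j = 0; j < 8; j++) {
            uint32_t c = (uint32_t)poly[8 * i + j];
            uint8_t bit = (uint8_t)((((c << 1) + Q / 2) / Q) & 1);
            msg[i] |= (uint8_t)(bit << j);
        }
    }
}

/* Round-trip a constructed message through encode -> additive error -> decode
 * and return the number of flipped bits. Any |err| <= 831 (just under q/4)
 * leaves all 256 bits intact; err = 900 flips every bit. */
int demo_errors(int16_t err) {
    uint8_t msg[MSG_BYTES], out[MSG_BYTES];
    int16_t poly[N];
    for (int i = 0; i < MSG_BYTES; i++) msg[i] = (uint8_t)(0x5A ^ i);  /* constructed input */
    encode_msg(msg, poly);
    for (int k = 0; k < N; k++) {            /* stand-in for the decryption noise term */
        int32_t c = ((int32_t)poly[k] + err) % Q;
        if (c < 0) c += Q;
        poly[k] = (int16_t)c;
    }
    decode_msg(poly, out);
    int flipped = 0;
    for (int i = 0; i < MSG_BYTES; i++) {
        uint8_t d = (uint8_t)(msg[i] ^ out[i]);
        while (d) { flipped += d & 1; d >>= 1; }
    }
    return flipped;
}

int main(void) {
    printf("no error: %d bit flips\n", demo_errors(0));
    printf("err=+800: %d bit flips\n", demo_errors(800));
    printf("err=-800: %d bit flips\n", demo_errors(-800));
    printf("err=+900: %d bit flips\n", demo_errors(900));
    return 0;
}
```

The decoding rule is what makes the "cryptographically negligible decryption failure rate" mentioned above possible: the noise term in a real decryption is small and concentrated, so the probability that any coefficient drifts by more than about $q/4$ is tiny. The same structure is also why the encoder is worth protecting: each coefficient written by `encode_msg` depends on exactly one secret message bit.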