On configurable SCA countermeasures against single trace attacks for the NTT

The Number Theoretic Transform (NTT) is a critical subblock used in several structured lattice-based schemes, including Kyber and Dilithium, which are finalist candidates in NIST's standardization process for post-quantum cryptography. The NTT was shown to be susceptible to single trace side-channel attacks by Primas et al. in CHES 2017 and Pessl et al. in Latincrypt 2019, who demonstrated full key recovery from single traces on the ARM Cortex-M4 microcontroller. However, the cost of deploying suitable countermeasures to protect the NTT from these attacks on the same target platform has not yet been studied. In this work, we propose novel shuffling and masking countermeasures to protect the NTT from such single trace attacks. First, we exploit arithmetic properties of the twiddle constants used within the NTT computation to propose efficient and generic masking strategies for the NTT with configurable SCA resistance. Second, we propose new variants of the shuffling countermeasure with varying granularity for the NTT. We perform a detailed comparative evaluation of the runtime performance of our proposed countermeasures within the open source implementations of Kyber and Dilithium from the pqm4 library on the ARM Cortex-M4 microcontroller. Our proposed countermeasures yield a reasonable runtime overhead in the range of 7%–78% across all procedures of Kyber, while the runtime overheads are much more pronounced for Dilithium, ranging from 12%–197% for the key generation procedure and 32%–490% for the signing procedure.


Bibliographic Details
Main Authors: Ravi, Prasanna, Poussier, Romain, Bhasin, Shivam, Chattopadhyay, Anupam
Other Authors: School of Physical and Mathematical Sciences
Format: Conference or Workshop Item
Language: English
Published: 2021
Subjects: Engineering::Computer science and engineering; Cryptography; Embedded System
Online Access:https://hdl.handle.net/10356/147131
Institution: Nanyang Technological University
Conference: International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2020), pages 123–146
Affiliations: School of Physical and Mathematical Sciences; School of Computer Science and Engineering; Temasek Laboratories @ NTU
Citation: Ravi, P., Poussier, R., Bhasin, S. & Chattopadhyay, A. (2020). On configurable SCA countermeasures against single trace attacks for the NTT. International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2020), 123–146. https://hdl.handle.net/10356/147131
Funding: National Research Foundation (NRF). The authors acknowledge the support from the Singapore National Research Foundation ("SOCure" grant NRF2018NCR-NCR002-0001 – www.green-ic.org/socure).
Record created: 2021-03-29
Copyright: © 2020 Springer International Publishing AG, part of Springer Nature. All rights reserved.