On configurable SCA countermeasures against single trace attacks for the NTT
The Number Theoretic Transform (NTT) is a critical subblock used in several structured lattice-based schemes, including Kyber and Dilithium, which are finalist candidates in the NIST’s standardization process for post-quantum cryptography. The NTT was shown to be susceptible to single trace side-c...
Saved in:
Main Authors: | , , , |
---|---|
Other Authors: | |
Format: | Conference or Workshop Item |
Language: | English |
Published: |
2021
|
Subjects: | |
Online Access: | https://hdl.handle.net/10356/147131 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Nanyang Technological University |
Language: | English |
id |
sg-ntu-dr.10356-147131 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-1471312021-03-29T07:44:05Z On configurable SCA countermeasures against single trace attacks for the NTT Ravi, Prasanna Poussier, Romain Bhasin, Shivam Chattopadhyay, Anupam School of Physical and Mathematical Sciences School of Computer Science and Engineering International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2020) Temasek Laboratories @ NTU Engineering::Computer science and engineering Cryptography Embedded System The Number Theoretic Transform (NTT) is a critical subblock used in several structured lattice-based schemes, including Kyber and Dilithium, which are finalist candidates in the NIST’s standardization process for post-quantum cryptography. The NTT was shown to be susceptible to single trace side-channel attacks by Primas et al. in CHES 2017 and Pessl et al. in Latincrypt 2019 who demonstrated full key recovery from single traces on the ARM Cortex-M4 microcontroller. However, the cost of deploying suitable countermeasures to protect the NTT from these attacks on the same target platform has not yet been studied. In this work, we propose novel shuffling and masking countermeasures to protect the NTT from such single trace attacks. Firstly, we exploit arithmetic properties of twiddle constants used within the NTT computation to propose efficient and generic masking strategies for the NTT with configurable SCA resistance. Secondly, we also propose new variants of the shuffling countermeasure with varying granularity for the NTT. We perform a detailed comparative evaluation of the runtime performances for our proposed countermeasures within open source implementations of Kyber and Dilithium from the pqm4 library on the ARM Cortex-M4 microcontroller. Our proposed countermeasures yield a reasonable runtime overhead in the range of 7%–78% across all procedures of Kyber, while the runtime overheads are much more pronounced for Dilithium, ranging from 12%–197% for the key generation procedure and 32%– 490% for the signing procedure. National Research Foundation (NRF) The authors acknowledge the support from the Singapore National Research Foundation (“SOCure” grant NRF2018NCR-NCR002-0001 – www.green-ic.org/socure). 2021-03-29T07:41:01Z 2021-03-29T07:41:01Z 2020 Conference Paper Ravi, P., Poussier, R., Bhasin, S. & Chattopadhyay, A. (2020). On configurable SCA countermeasures against single trace attacks for the NTT. International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2020), 123-146. https://hdl.handle.net/10356/147131 123 146 en © 2020 Springer International Publishing AG, part of Springer Nature. All rights reserved. |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Engineering::Computer science and engineering Cryptography Embedded System |
spellingShingle |
Engineering::Computer science and engineering Cryptography Embedded System Ravi, Prasanna Poussier, Romain Bhasin, Shivam Chattopadhyay, Anupam On configurable SCA countermeasures against single trace attacks for the NTT |
description |
The Number Theoretic Transform (NTT) is a critical subblock used in several structured lattice-based schemes, including Kyber
and Dilithium, which are finalist candidates in the NIST’s standardization process for post-quantum cryptography. The NTT was shown to be
susceptible to single trace side-channel attacks by Primas et al. in CHES
2017 and Pessl et al. in Latincrypt 2019 who demonstrated full key recovery from single traces on the ARM Cortex-M4 microcontroller. However,
the cost of deploying suitable countermeasures to protect the NTT from
these attacks on the same target platform has not yet been studied. In
this work, we propose novel shuffling and masking countermeasures to
protect the NTT from such single trace attacks. Firstly, we exploit arithmetic properties of twiddle constants used within the NTT computation
to propose efficient and generic masking strategies for the NTT with
configurable SCA resistance. Secondly, we also propose new variants of
the shuffling countermeasure with varying granularity for the NTT. We
perform a detailed comparative evaluation of the runtime performances
for our proposed countermeasures within open source implementations
of Kyber and Dilithium from the pqm4 library on the ARM Cortex-M4
microcontroller. Our proposed countermeasures yield a reasonable runtime overhead in the range of 7%–78% across all procedures of Kyber,
while the runtime overheads are much more pronounced for Dilithium,
ranging from 12%–197% for the key generation procedure and 32%–
490% for the signing procedure. |
author2 |
School of Physical and Mathematical Sciences |
author_facet |
School of Physical and Mathematical Sciences Ravi, Prasanna Poussier, Romain Bhasin, Shivam Chattopadhyay, Anupam |
format |
Conference or Workshop Item |
author |
Ravi, Prasanna Poussier, Romain Bhasin, Shivam Chattopadhyay, Anupam |
author_sort |
Ravi, Prasanna |
title |
On configurable SCA countermeasures against single trace attacks for the NTT |
title_short |
On configurable SCA countermeasures against single trace attacks for the NTT |
title_full |
On configurable SCA countermeasures against single trace attacks for the NTT |
title_fullStr |
On configurable SCA countermeasures against single trace attacks for the NTT |
title_full_unstemmed |
On configurable SCA countermeasures against single trace attacks for the NTT |
title_sort |
on configurable sca countermeasures against single trace attacks for the ntt |
publishDate |
2021 |
url |
https://hdl.handle.net/10356/147131 |
_version_ |
1695706239567134720 |