Will you cross the threshold for me? Generic side-channel assisted chosen-ciphertext attacks on NTRU-based KEMs

In this work, we propose generic and novel side-channel assisted chosen-ciphertext attacks on NTRU-based key encapsulation mechanisms (KEMs). These KEMs are IND-CCA secure, that is, they are secure in the chosen-ciphertext model. Our attacks involve the construction of malformed ciphertexts. When decapsulated by the target device, these ciphertexts ensure that a targeted intermediate variable becomes very closely related to the secret key. An attacker who can obtain information about the secret-dependent variable through side-channels can subsequently recover the full secret key. We propose several novel CCAs which can be carried out by using side-channel leakage from the decapsulation procedure. The attacks instantiate three different types of oracles, namely a plaintext-checking oracle, a decryption-failure oracle, and a full-decryption oracle, and are applicable to two NTRU-based schemes, NTRU and NTRU Prime. Both schemes are candidates in the ongoing NIST standardization process for post-quantum cryptography. We perform experimental validation of the attacks on optimized and unprotected implementations of NTRU-based schemes, taken from the open-source pqm4 library, using the EM-based side-channel on the 32-bit ARM Cortex-M4 microcontroller. All of our proposed attacks are capable of recovering the full secret key in only a few thousand chosen-ciphertext queries on all parameter sets of NTRU and NTRU Prime. Our attacks, therefore, stress the need for concrete side-channel protection strategies for NTRU-based KEMs.

Bibliographic Details
Main Authors: Ravi, Prasanna, Ezerman, Martianus Frederic, Bhasin, Shivam, Chattopadhyay, Anupam, Sinha Roy, Sujoy
Other Authors: School of Physical and Mathematical Sciences
Format: Article
Language: English
Published: 2022
Online Access:https://hdl.handle.net/10356/155579
Institution: Nanyang Technological University
id sg-ntu-dr.10356-155579
record_format dspace
spelling Will you cross the threshold for me? Generic side-channel assisted chosen-ciphertext attacks on NTRU-based KEMs
Authors: Ravi, Prasanna; Ezerman, Martianus Frederic; Bhasin, Shivam; Chattopadhyay, Anupam; Sinha Roy, Sujoy
Affiliations: School of Physical and Mathematical Sciences; School of Computer Science and Engineering; Temasek Laboratories @ NTU
Subjects: Science::Mathematics::Discrete mathematics::Cryptography; Lattice-Based Cryptography; Side-Channel Attack
Version: Published version. Journal Article, 2022. Record timestamps: 2022-03-08T05:35:11Z; 2022-03-12T20:11:53Z.
Citation: Ravi, P., Ezerman, M. F., Bhasin, S., Chattopadhyay, A. & Sinha Roy, S. (2022). Will you cross the threshold for me? Generic side-channel assisted chosen-ciphertext attacks on NTRU-based KEMs. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022(1), 722-761. https://dx.doi.org/10.46586/tches.v2022.i1.722-761
ISSN: 2569-2925. DOI: 10.46586/tches.v2022.i1.722-761. Handle: https://hdl.handle.net/10356/155579. Format: application/pdf.
© 2021 Prasanna Ravi, Martianus Frederic Ezerman, Shivam Bhasin, Anupam Chattopadhyay, Sujoy Sinha Roy. This work is licensed under a Creative Commons Attribution 4.0 International License.
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Science::Mathematics::Discrete mathematics::Cryptography
Lattice-Based Cryptography
Side-Channel Attack
author2 School of Physical and Mathematical Sciences
format Article