Will you cross the threshold for me? Generic side-channel assisted chosen-ciphertext attacks on NTRU-based KEMs

In this work, we propose generic and novel side-channel assisted chosen-ciphertext attacks on NTRU-based key encapsulation mechanisms (KEMs). These KEMs are IND-CCA secure, that is, they are secure in the chosen-ciphertext model. Our attacks involve the construction of malformed ciphertexts. When decapsulated by the target device, these ciphertexts ensure that a targeted intermediate variable becomes very closely related to the secret key. An attacker who can obtain information about the secret-dependent variable through side-channels can subsequently recover the full secret key. We propose several novel CCAs which can be carried out using side-channel leakage from the decapsulation procedure. The attacks instantiate three different types of oracles, namely a plaintext-checking oracle, a decryption-failure oracle, and a full-decryption oracle, and are applicable to two NTRU-based schemes, NTRU and NTRU Prime. The two schemes are candidates in the ongoing NIST standardization process for post-quantum cryptography. We perform experimental validation of the attacks on optimized and unprotected implementations of NTRU-based schemes, taken from the open-source pqm4 library, using the EM-based side-channel on the 32-bit ARM Cortex-M4 microcontroller. All of our proposed attacks are capable of recovering the full secret key in only a few thousand chosen-ciphertext queries on all parameter sets of NTRU and NTRU Prime. Our attacks therefore stress the need for concrete side-channel protection strategies for NTRU-based KEMs.

Saved in:
Main Authors: | Ravi, Prasanna; Ezerman, Martianus Frederic; Bhasin, Shivam; Chattopadhyay, Anupam; Sinha Roy, Sujoy |
---|---|
Other Authors: | School of Physical and Mathematical Sciences; School of Computer Science and Engineering; Temasek Laboratories @ NTU |
Format: | Article |
Language: | English |
Published: | 2022 |
Subjects: | Science::Mathematics::Discrete mathematics::Cryptography; Lattice-Based Cryptography; Side-Channel Attack |
Online Access: | https://hdl.handle.net/10356/155579 |
Institution: | Nanyang Technological University |
id | sg-ntu-dr.10356-155579 |
---|---|
record_format | dspace |
type | Journal Article (Published version) |
authors | Ravi, Prasanna; Ezerman, Martianus Frederic; Bhasin, Shivam; Chattopadhyay, Anupam; Sinha Roy, Sujoy |
affiliations | School of Physical and Mathematical Sciences; School of Computer Science and Engineering; Temasek Laboratories @ NTU |
subjects | Science::Mathematics::Discrete mathematics::Cryptography; Lattice-Based Cryptography; Side-Channel Attack |
record dates | deposited 2022-03-08T05:35:11Z; last updated 2022-03-12T20:11:53Z |
citation | Ravi, P., Ezerman, M. F., Bhasin, S., Chattopadhyay, A. & Sinha Roy, S. (2022). Will you cross the threshold for me? Generic side-channel assisted chosen-ciphertext attacks on NTRU-based KEMs. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022(1), 722-761. https://dx.doi.org/10.46586/tches.v2022.i1.722-761 |
journal | IACR Transactions on Cryptographic Hardware and Embedded Systems, volume 2022, issue 1, pages 722-761 |
DOI | 10.46586/tches.v2022.i1.722-761 |
ISSN | 2569-2925 |
handle | https://hdl.handle.net/10356/155579 |
language | en |
rights | © 2021 Prasanna Ravi, Martianus Frederic Ezerman, Shivam Bhasin, Anupam Chattopadhyay, Sujoy Sinha Roy. This work is licensed under a Creative Commons Attribution 4.0 International License. |
file format | application/pdf |
institution | Nanyang Technological University |
---|---|
building | NTU Library |
continent | Asia |
country | Singapore |
content_provider | NTU Library |
collection | DR-NTU |
language | English |
topic | Science::Mathematics::Discrete mathematics::Cryptography; Lattice-Based Cryptography; Side-Channel Attack |
description | In this work, we propose generic and novel side-channel assisted chosen-ciphertext attacks on NTRU-based key encapsulation mechanisms (KEMs). These KEMs are IND-CCA secure, that is, they are secure in the chosen-ciphertext model. Our attacks involve the construction of malformed ciphertexts. When decapsulated by the target device, these ciphertexts ensure that a targeted intermediate variable becomes very closely related to the secret key. An attacker who can obtain information about the secret-dependent variable through side-channels can subsequently recover the full secret key. We propose several novel CCAs which can be carried out using side-channel leakage from the decapsulation procedure. The attacks instantiate three different types of oracles, namely a plaintext-checking oracle, a decryption-failure oracle, and a full-decryption oracle, and are applicable to two NTRU-based schemes, NTRU and NTRU Prime. The two schemes are candidates in the ongoing NIST standardization process for post-quantum cryptography. We perform experimental validation of the attacks on optimized and unprotected implementations of NTRU-based schemes, taken from the open-source pqm4 library, using the EM-based side-channel on the 32-bit ARM Cortex-M4 microcontroller. All of our proposed attacks are capable of recovering the full secret key in only a few thousand chosen-ciphertext queries on all parameter sets of NTRU and NTRU Prime. Our attacks therefore stress the need for concrete side-channel protection strategies for NTRU-based KEMs. |