Will You Cross the Threshold for Me?

In this work, we propose generic and novel side-channel assisted chosen-ciphertext attacks on NTRU-based key encapsulation mechanisms (KEMs). These KEMs are IND-CCA secure, that is, they are secure in the chosen-ciphertext model. Our attacks involve the construction of malformed ciphertexts. When decapsulated by the target device, these ciphertexts ensure that a targeted intermediate variable becomes very closely related to the secret key. An attacker, who can obtain information about the secret-dependent variable through side-channels, can subsequently recover the full secret key. We propose several novel CCAs which can be carried through by using side-channel leakage from the decapsulation procedure. The attacks instantiate three different types of oracles, namely a plaintext-checking oracle, a decryption-failure oracle, and a full-decryption oracle, and are applicable to two NTRU-based schemes, which are NTRU and NTRU Prime. The two schemes are candidates in the ongoing NIST standardization process for post-quantum cryptography. We perform experimental validation of the attacks on optimized and unprotected implementations of NTRU-based schemes, taken from the open-source pqm4 library, using the EM-based side-channel on the 32-bit ARM Cortex-M4 microcontroller. All of our proposed attacks are capable of recovering the full secret key in only a few thousand chosen ciphertext queries on all parameter sets of NTRU and NTRU Prime. Our attacks, therefore, stress the need for concrete side-channel protection strategies for NTRU-based KEMs.


Bibliographic Details
Main Authors: Prasanna Ravi, Martianus Frederic Ezerman, Shivam Bhasin, Anupam Chattopadhyay, Sujoy Sinha Roy
Format: article
Language: EN
Published: Ruhr-Universität Bochum 2021
Subjects: lattice-based cryptography; electromagnetic-based side-channel attack; learning with error; learning with rounding; chosen ciphertext attack; public key encryption
Online Access: https://doaj.org/article/16817e14128f47669e2cd845b0e340f1
DOI: 10.46586/tches.v2022.i1.722-761
ISSN: 2569-2925
Journal: Transactions on Cryptographic Hardware and Embedded Systems, Vol 2022, Iss 1 (2021)
Publication date: 2021-11-01
Article URL: https://tches.iacr.org/index.php/TCHES/article/view/9313
Journal table of contents (DOAJ): https://doaj.org/toc/2569-2925
Classification (LCC): Computer engineering. Computer hardware (TK7885-7895); Information technology (T58.5-58.64)
Record id: oai:doaj.org-article:16817e14128f47669e2cd845b0e340f1
Record last updated: 2021-11-19