A Side-Channel Attack on a Masked IND-CCA Secure Saber KEM Implementation

A Side-Channel Attack on a Masked IND-CCA Secure Saber KEM Implementation

In this paper, we present a side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network created at the profiling stage. The proposed message recovery approa...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IACR transactions on cryptographic hardware and embedded systems 2021-08, Vol.2021 (4), p.676-707
Hauptverfasser: Ngo, Kalle, Dubrova, Elena, Guo, Qian, Johansson, Thomas
Format: Artikel
Sprache:eng
Schlagworte:
Computer and Information Science
Computer Science
Data- och informationsvetenskap (Datateknik)
Datavetenskap (datalogi)
Deep learning
Deep neural networks
Error correcting code
First order
Higher order modeling
IND-CCA
LWE/LWR-based KEM
Message recovery
Natural Sciences
Naturvetenskap
Post-quantum cryptography
Power analysis
Public-key cryptography
Recovery
Saber KEM
Secret key
Session key
Side channel attack
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper, we present a side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network created at the profiling stage. The proposed message recovery approach learns a higher-order model directly, without explicitly extracting random masks at each execution. This eliminates the need for a fully controllable profiling device which is required in previous attacks on masked implementations of LWE/LWR-based PKEs/KEMs. We also present a new secret key recovery approach based on maps from error-correcting codes that can compensate for some errors in the recovered message. In addition, we discovered a previously unknown leakage point in the primitive for masked logical shifting on arithmetic shares.
ISSN:2569-2925
2569-2925
DOI:10.46586/tches.v2021.i4.676-707