Higher-Order Boolean Masking Does Not Prevent Side-Channel Attacks on LWE/LWR-based PKE/KEMs

Kalle Ngo, Ruize Wang, E. Dubrova, Nils Paulsrud
DOI: 10.1109/ISMVL57333.2023.00044
Published in: 2023 IEEE 53rd International Symposium on Multiple-Valued Logic (ISMVL)
Publication date: 2023-05-01
Citations: 2

Abstract

Public-key cryptographic schemes currently in use depend on the intractability of certain mathematical problems such as integer factorization or the discrete logarithm. However, Shor's algorithm can solve these problems in polynomial time if large-scale quantum computers become available. This will compromise the security of today's public-key cryptosystems. To address this issue, new public-key cryptographic primitives are being developed. One of them is Saber, whose security relies on the Learning With Rounding (LWR) problem, which is believed to be hard for quantum computers. The resistance of unprotected and first-order masked implementations of Saber to side-channel attacks has already been investigated. In this paper, we demonstrate the first successful message and secret key recovery attacks on second- and third-order masked implementations of Saber on an ARM Cortex-M4 CPU by deep learning-based power analysis. Our experimental results show that currently available software implementations of Saber need better protection.