Chosen ciphertext Simple Power Analysis on software 8-bit implementation of ring-LWE encryption

Abstract

Post-quantum cryptographic schemes have been developed in response to the rise of quantum computers. Fortunately, several schemes have been developed with quantum resistance. However, it is not surprising that implementations of post-quantum cryptographic schemes are vulnerable to Side Channel Analysis (SCA) attacks because post-quantum cryptographic schemes will require implementation on the same platforms which are widely used in the industrial field. SCA attack method and their countermeasures for code-based post-quantum cryptosystem, such as McEliece, have been investigated. Unfortunately, the investigation of the ring-LWE problem in terms of SCA is as yet insufficient. There has only been limited research on the side-channel vulnerabilities of lattice-based implementations. In this paper, we propose the first Simple Power Analysis (SPA) attack on the ring-LWE encryption scheme. The proposed attack exploits the chosen ciphertext and the vulnerability associated with the modular addition, which is applicable when a ring-LWE encryption scheme operates on 8-bit microcontroller devices. We also identify the vulnerability associated with the modular addition operation of 8-bit implementation. When operating a ring-LWE encryption scheme on an 8-bit device, the secret key can be revealed via this vulnerability using the proposed chosen-ciphertext SPA attack.