Carry Your Fault: A Fault Propagation Attack on Side-Channel Protected LWE-based KEM

Suparna Kundu, Siddhartha Chowdhury, Sayandeep Saha, A. Karmakar, Debdeep Mukhopadhyay, Ingrid Verbauwhede
DOI: 10.48550/arXiv.2401.14098 (https://doi.org/10.48550/arXiv.2401.14098)
Venue: IACR Cryptol. ePrint Arch., 1674
Published: 2024-01-25
Citations: 2

Abstract

Post-quantum cryptographic (PQC) algorithms, especially those based on the learning with errors (LWE) problem, have been subjected to several physical attacks in the recent past. Although these attacks broadly fall into two classes, passive side-channel attacks and active fault attacks, the attack strategies vary significantly because of the inherent complexity of such algorithms. Exploring further attack surfaces is therefore an important step toward eventually securing the deployment of these algorithms, and it is equally important to test the robustness of the countermeasures already proposed. In this work, we propose a new fault attack on side-channel-secure masked implementations of LWE-based key-encapsulation mechanisms (KEMs) that exploits fault propagation. The attack typically originates from an algorithmic modification widely used to enable masking, namely the Arithmetic-to-Boolean (A2B) conversion. We exploit the data dependency of the adder carry chain in A2B to extract sensitive information even though masking (of arbitrary order) is present. As a practical demonstration of the exploitability of this information leakage, we show key-recovery attacks on Kyber, although the leakage also exists for other schemes such as Saber. The attack on Kyber targets the decapsulation module and uses Belief Propagation (BP) for key recovery. To the best of our knowledge, it is the first attack that exploits an algorithmic component introduced to ease masking, rather than only exploiting the randomness introduced by masking to obtain the desired faults (as done by Delvaux [Del22]). Finally, we validated the attack both in simulation and with electromagnetic (EM) fault injection on an open-source first-order secure Kyber implementation running on an STM32 platform.