Two Low-Cost and Security-Enhanced Implementations Against Side-Channel Attacks of NTT for Lattice-Based Cryptography

IF 5.4 | Zone 2 (Computer Science) | JCR Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Yijun Cui;Jiatong Tian;Chuanchao Lu;Yang Li;Ziying Ni;Chenghua Wang;Weiqiang Liu
DOI: 10.1109/TETC.2025.3552941
Journal: IEEE Transactions on Emerging Topics in Computing, vol. 13, no. 3, pp. 977-989
Published: 2025-03-27 (Journal Article)
URL: https://ieeexplore.ieee.org/document/10944260/
Open access: no
Citations: 0

Abstract

Lattice-based cryptography is considered secure against quantum computing attacks. However, naive implementations on embedded devices are vulnerable to side-channel attacks (SCAs): full key recovery is possible through power and electromagnetic leakage analysis. This article presents two protection schemes, masking and shuffling, for the baseline Radix-2 multi-path delay commutator (R2MDC) number theoretic transform (NTT) architecture. The proposed masking NTT scheme introduces a random number to protect the secret key during the decryption phase and leverages the linearity of the arithmetic transform in NTT polynomial multiplication. By adjusting the decoding comparison threshold, the masking method greatly reduces the proportion of t-test values exceeding the threshold, from 77.38% for the unprotected NTT scheme to 3.91%. A shuffling transform process is also proposed that perturbs the order in which the butterfly operations are computed, adapted to the high-throughput architecture of R2MDC-NTT. This shuffling NTT scheme requires no un-shuffle operation and no additional operation cycles, and reduces the leakage ratio to 13.49% with minimal extra hardware resources and wide applicability. The proposed masking and shuffling techniques effectively suppress side-channel leakage, improving the security of the hardware architecture while maintaining a balance between overall performance and additional hardware resources.
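The two properties the abstract relies on, that the NTT is linear (so a secret split into additive shares can be transformed share by share and recombined afterwards) and that the butterflies inside one NTT stage touch disjoint index pairs (so their execution order can be randomised without any un-shuffle step), shown on a toy negacyclic NTT. This is an added example, not code from the paper: the parameters N = 8, Q = 17, psi = 3 and the Dilithium-style Cooley-Tukey schedule are my choices, the paper's hardware shuffle for the R2MDC pipeline is not reproduced, and the t-test figures come from measured traces that no software model can stand in for.

```python
"""Toy negacyclic NTT with additive masking and butterfly shuffling.

Added illustration, not code from the paper. Parameters are deliberately tiny
(N = 8, Q = 17) so every value can be checked by hand; Kyber and Dilithium use
N = 256 with larger Q and the same butterfly structure.
"""
import random

Q = 17   # prime with Q ≡ 1 (mod 2N), so a primitive 2N-th root of unity exists
N = 8    # ring Z_Q[x] / (x^N + 1)
PSI = 3  # primitive 2N-th root of unity mod Q: 3^8 ≡ -1 (mod 17)
LOG_N = N.bit_length() - 1


def bitrev(x, bits=LOG_N):
    """Bit-reverse an index of `bits` bits (orders the twiddle factors)."""
    return int(format(x, f"0{bits}b")[::-1], 2)


def ntt_naive(a):
    """Reference negacyclic NTT: a_hat[i] = sum_j a[j] * PSI^(j*(2i+1)) mod Q."""
    return [sum(a[j] * pow(PSI, j * (2 * i + 1), Q) for j in range(N)) % Q
            for i in range(N)]


def butterfly_schedule():
    """Cooley-Tukey schedule: a list of stages, each a list of (lo, hi, zeta).

    Input in natural order, output in bit-reversed order. Butterflies inside
    one stage use disjoint index pairs, so they may run in any order; the
    stages themselves must run in sequence.
    """
    stages, k, length = [], 1, N // 2
    while length >= 1:
        stage = []
        for start in range(0, N, 2 * length):
            zeta = pow(PSI, bitrev(k), Q)
            k += 1
            stage.extend((i, i + length, zeta) for i in range(start, start + length))
        stages.append(stage)
        length //= 2
    return stages


def ntt(a, shuffle=False, rng=None):
    """Iterative NTT. With shuffle=True the butterfly order within each stage
    is randomised (the shuffling countermeasure); the result is identical, so
    no un-shuffle step is needed afterwards."""
    rng = rng or random.SystemRandom()
    a = list(a)
    for stage in butterfly_schedule():
        order = list(stage)
        if shuffle:
            rng.shuffle(order)
        for lo, hi, zeta in order:
            t = (zeta * a[hi]) % Q
            a[hi] = (a[lo] - t) % Q
            a[lo] = (a[lo] + t) % Q
    return a


def to_natural_order(a_hat):
    """Undo the bit-reversed output order so it matches ntt_naive."""
    return [a_hat[bitrev(i)] for i in range(N)]


def masked_ntt(secret, rng=None):
    """First-order arithmetic masking of the NTT input.

    The secret s is split into shares s0 = s + r, s1 = -r with r uniform in
    Z_Q. Because the NTT is linear, NTT(s0) + NTT(s1) = NTT(s), so the
    transform only ever processes shares that are individually independent
    of s. Returns the two transformed shares.
    """
    rng = rng or random.SystemRandom()
    r = [rng.randrange(Q) for _ in range(N)]
    s0 = [(s + x) % Q for s, x in zip(secret, r)]
    s1 = [(-x) % Q for x in r]
    return ntt(s0), ntt(s1)


def pointwise(a_hat, b_hat):
    """Coefficient-wise product in the NTT domain (same index order on both sides)."""
    return [(x * y) % Q for x, y in zip(a_hat, b_hat)]


def masked_pointwise_product(secret, public_hat, rng=None):
    """Decryption-style step s_hat ∘ u_hat carried out on masked shares and
    recombined only at the end. A real design would keep the shares apart
    through the inverse NTT and unmask just before the decoding threshold."""
    sh0, sh1 = masked_ntt(secret, rng)
    p0 = pointwise(sh0, public_hat)   # each share multiplied separately
    p1 = pointwise(sh1, public_hat)
    return [(x + y) % Q for x, y in zip(p0, p1)]


if __name__ == "__main__":
    rng = random.Random(2025)                  # constructed seed, demo only
    s = [rng.randrange(Q) for _ in range(N)]   # constructed "secret" polynomial
    u = [rng.randrange(Q) for _ in range(N)]   # constructed "ciphertext" polynomial
    assert to_natural_order(ntt(s)) == ntt_naive(s)
    assert ntt(s, shuffle=True, rng=rng) == ntt(s)
    sh0, sh1 = masked_ntt(s, rng)
    assert [(x + y) % Q for x, y in zip(sh0, sh1)] == ntt(s)
    assert masked_pointwise_product(s, ntt(u), rng) == pointwise(ntt(s), ntt(u))
    print("plain, shuffled and masked NTT agree")
```

The shuffle above randomises only the order of butterflies within a stage, which is exactly the freedom an NTT offers: the index pairs in one stage are disjoint, so permuting them changes the power trace but not the output position of any coefficient. The masking needs one fresh random polynomial per decryption; reusing r across calls would let an attacker average it out.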
Source journal: IEEE Transactions on Emerging Topics in Computing (Computer Science - Computer Science (miscellaneous))
CiteScore: 12.10
Self-citation rate: 5.10%
Articles published: 113
Journal description: IEEE Transactions on Emerging Topics in Computing publishes papers on emerging aspects of computer science, computing technology, and computing applications not currently covered by other IEEE Computer Society Transactions. Some examples of emerging topics in computing include: IT for Green, synthetic and organic computing structures and systems, advanced analytics, social/occupational computing, location-based/client computer systems, morphic computer design, electronic game systems, and health-care IT.