Horizontal side-channel vulnerabilities of post-quantum key exchange protocols

2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2018-04-01 DOI:10.1109/HST.2018.8383894

Aydin Aysu, Y. Tobah, Mohit Tiwari, A. Gerstlauer, M. Orshansky

{"title":"Horizontal side-channel vulnerabilities of post-quantum key exchange protocols","authors":"Aydin Aysu, Y. Tobah, Mohit Tiwari, A. Gerstlauer, M. Orshansky","doi":"10.1109/HST.2018.8383894","DOIUrl":null,"url":null,"abstract":"Key exchange protocols establish a secret key to confidentially communicate digital information over public channels. Lattice-based key exchange protocols are a promising alternative for next-generation applications due to their quantum-cryptanalysis resistance and implementation efficiency. While these constructions rely on the theory of quantum-resistant lattice problems, their practical implementations have shown vulnerability against side-channel attacks in the context of public-key encryption or digital signatures. Applying such attacks on key exchange protocols is, however, much more challenging because the secret key changes after each execution of the protocol, limiting the side-channel adversary to a single measurement. In this paper, we demonstrate the first successful power side-channel attack on lattice-based key exchange protocols. The attack targets the hardware implementation of matrix and polynomial multiplication used in these protocols. The crux of our idea is to apply a horizontal attack that makes hypothesis on several intermediate values within a single execution all relating to the same secret and to combine their correlations for accurately estimating the secret key. We illustrate that the design of key exchange protocols combined with the nature of lattice arithmetic enables our attack. Since a straightforward attack suffers from false positives, we demonstrate a novel procedure to recover the key by following the sequence of intermediate updates during multiplication. We analyzed two key exchange protocols, NewHope (USENIX'16) and Frodo (CCS'16), and show that their implementations can be vulnerable to our attack. We test the effectiveness of the proposed attack using concrete parameters of these protocols on a physical platform with real measurements. On a SAKURA-G FPGA Board, we show that the proposed attack can estimate the entire secret key from a single power measurement with over 99% success rate.","PeriodicalId":6574,"journal":{"name":"2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"52 1","pages":"81-88"},"PeriodicalIF":0.0000,"publicationDate":"2018-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"50","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST.2018.8383894","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 50

Abstract

Key exchange protocols establish a secret key to confidentially communicate digital information over public channels. Lattice-based key exchange protocols are a promising alternative for next-generation applications due to their quantum-cryptanalysis resistance and implementation efficiency. While these constructions rely on the theory of quantum-resistant lattice problems, their practical implementations have shown vulnerability against side-channel attacks in the context of public-key encryption or digital signatures. Applying such attacks on key exchange protocols is, however, much more challenging because the secret key changes after each execution of the protocol, limiting the side-channel adversary to a single measurement. In this paper, we demonstrate the first successful power side-channel attack on lattice-based key exchange protocols. The attack targets the hardware implementation of matrix and polynomial multiplication used in these protocols. The crux of our idea is to apply a horizontal attack that makes hypothesis on several intermediate values within a single execution all relating to the same secret and to combine their correlations for accurately estimating the secret key. We illustrate that the design of key exchange protocols combined with the nature of lattice arithmetic enables our attack. Since a straightforward attack suffers from false positives, we demonstrate a novel procedure to recover the key by following the sequence of intermediate updates during multiplication. We analyzed two key exchange protocols, NewHope (USENIX'16) and Frodo (CCS'16), and show that their implementations can be vulnerable to our attack. We test the effectiveness of the proposed attack using concrete parameters of these protocols on a physical platform with real measurements. On a SAKURA-G FPGA Board, we show that the proposed attack can estimate the entire secret key from a single power measurement with over 99% success rate.

查看原文本刊更多论文

后量子密钥交换协议的横向侧信道漏洞

密钥交换协议建立一个秘密密钥，在公共通道上保密地通信数字信息。基于格子的密钥交换协议由于其抗量子密码分析和实现效率而成为下一代应用的一个有前途的替代方案。虽然这些结构依赖于抗量子晶格问题的理论，但它们的实际实现表明，在公钥加密或数字签名的背景下，它们容易受到侧信道攻击。然而，在密钥交换协议上应用这种攻击更具挑战性，因为密钥在每次执行协议后都会更改，从而将侧信道攻击者限制在单个测量上。在本文中，我们展示了第一个成功的基于格子的密钥交换协议的功率侧信道攻击。攻击的目标是这些协议中使用的矩阵和多项式乘法的硬件实现。我们想法的关键是应用水平攻击，在一次执行中对与同一密钥相关的多个中间值进行假设，并结合它们的相关性以准确估计密钥。我们说明了密钥交换协议的设计与格算法的性质相结合，使我们的攻击成为可能。由于直接攻击会出现误报，因此我们演示了一种新的过程，通过遵循乘法期间的中间更新序列来恢复密钥。我们分析了两个密钥交换协议，NewHope (USENIX'16)和Frodo (CCS'16)，并表明它们的实现可能容易受到我们的攻击。我们在实际测量的物理平台上使用这些协议的具体参数来测试所提出攻击的有效性。在SAKURA-G FPGA板上，我们证明了所提出的攻击可以从单个功率测量中估计出整个密钥，成功率超过99%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)

自引率

0.00%

发文量