http://dx.doi.org/10.13089/JKIISC.2009.19.2.11

Power analysis attacks against NTRU and their countermeasures  

Song, Jeong-Eun (School of Computer and Information Engineering, Inha University)
Han, Dong-Guk (Department of Mathematics, Kookmin University)
Lee, Mun-Kyu (School of Computer and Information Engineering, Inha University)
Choi, Doo-Ho (Electronics and Telecommunications Research Institute)
Abstract
The NTRU cryptosystem, proposed by Hoffstein et al. in the 1990s, is a public key cryptosystem based on hard lattice problems. NTRU has many advantages compared to other public key cryptosystems such as RSA and elliptic curve cryptosystems. For example, it guarantees high-speed encryption and decryption at the same level of security, and there is no known quantum computing algorithm for speeding up attacks against NTRU. In this paper, we analyze the security of NTRU against the simple power analysis (SPA) attack and statistical power analysis (STPA) attacks such as the correlation power analysis (CPA) attack. First, we implement NTRU operations using NesC on a Telos mote, and we show how to apply CPA to recover a private key from collected power traces. We also suggest countermeasures against these attacks. To prevent SPA, we propose using a nonzero value to initialize the array that will store the result of a convolution operation. To prevent STPA, we propose two techniques that randomize the power traces related to the same input. The first is random ordering of the computation sequences in a convolution operation, and the other is data randomization in the convolution operation.
Keywords
NTRU; Side Channel Attack; Power Analysis Attack; Countermeasure;