http://dx.doi.org/10.13089/JKIISC.2017.27.3.439

A Study of SPA Vulnerability on 8-bit Implementation of Ring-LWE Cryptosystem

Park, Aesun (Dept. of Financial Information Security, Kookmin University)
Won, Yoo-Seung (Dept. of Financial Information Security, Kookmin University)
Han, Dong-Guk (Dept. of Financial Information Security, Kookmin University)
Abstract
It is no longer news that post-quantum cryptography is vulnerable to side-channel analysis. Side-channel attack methods and countermeasures have been investigated for the code-based McEliece cryptosystem and the lattice-based NTRU cryptosystem. Unfortunately, the ring-LWE cryptosystem has so far received insufficient investigation in terms of side-channel analysis. In this paper, we propose a chosen-ciphertext simple power analysis (SPA) attack that applies when ring-LWE cryptography runs on 8-bit devices. Our proposed attack recovers the key with only $\lceil \log_2 q \rceil$ traces, where q is a parameter related to the security level; q is set to 7681 and 12289 to match the common 128- and 256-bit security levels, respectively. We identify through experiments on real 8-bit devices that the secret key can be revealed from the modular addition performed during ring-LWE decryption. We also discuss a variant of the attack that uses a similarity measure between two vectors to reduce attack time.
Keywords
ring-LWE cryptosystem; simple power analysis; post-quantum cryptography; side-channel analysis