Single-Trace Side-Channel Attacks on Masked …Single-Trace Side-Channel Attacks on Masked...

S C I E N C E P A S S I O N T E C H N O L O G Y

www.iaik.tugraz.at

Single-Trace Side-Channel Attacks onMasked Lattice-Based EncryptionRobert Primas, Peter Pessl, Stefan MangardIAIK, Graz University of Technology, Austria

CHES 2017, September 28

www.iaik.tugraz.at

Outlook

Single-trace SCA on masked asymmetric lattice-based encryption

Combination of template attack (TA) with:

Belief Propagation

Lattice Decoding

⇒ Full private key recovery

PrimasCHES 2017, September 282

www.iaik.tugraz.at

Motivation

Lattice-based cryptography is a promising PQ candidate

Quantum computer resistant

Many efficient schemes available

Not a lot analysis of implementation security

⇒ First single-trace SCA for lattice-based crypto


www.iaik.tugraz.at

Ring-LWE Encryption

Proposed by Lyubashevsky, Peikert and Regev[LPR10]

Based on Learning with Errors Problem

Operates on polynomials in the ring: Zq[x ]/(xn + 1)

In our setting: q = 7681,n = 256


www.iaik.tugraz.at

Ring-LWE Encryption

* calculations are in Zq[x ]/(xn + 1)

r2( private key )

alice

(a,p)( public key )

m( encoded message )

bob

e1,e2,e3 ← X n

c1 = ae1 + e2←−−−−−−−−−( cipher text 1 )

c2 = pe1 + e3 + m←−−−−−−−−−−−−( cipher text 2 )


www.iaik.tugraz.at

Ring-LWE Decryption

* calculations are in Zq[x ]/(xn + 1)

alice

m = c1r2 + c2

⇒ Inefficient: > O(n2) due to polynomial division


www.iaik.tugraz.at

Number Theoretic Transform (NTT)

Efficient polynomial multiplication in certain rings, e.g.:

Zq[x ]/(xn + 1)

Similar to FFT:ab = INTT( NTT(a) ∗ NTT(b) )

Features butterfly network


www.iaik.tugraz.at

NTT - Butterfly

2-coefficients +x0,0x0,1 -ω n0 x1,0x1,1PrimasCHES 2017, September 288

www.iaik.tugraz.at

NTT - Butterfly Network

4-coefficients

+x0,0x0,1 -+

--

+x0,2x0,3 -

+x1,0x1,1x1,2x1,3

x2,0x2,1x2,2x2,3PrimasCHES 2017, September 289

www.iaik.tugraz.at

NTT - Butterfly Network

256-coefficients

+x0,0x0,1 -+

--

+x0,2x0,3 -

+ω n0ω n0 ω n1ω n

0

x1,0x1,1x1,2x1,3


www.iaik.tugraz.at

Efficient Ring-LWE Decryption

* calculations are in Zq[x ]/(xn + 1) * x is the NTT transformed of x

alice

m = c1r2 + c2

m = INTT( c1 ∗ r2 + c2 )

⇒ Faster: O(n log n)


www.iaik.tugraz.at

Attack Idea

* public * x is the NTT transformed of x

Given the ciphertext (c1, c2) and private key r2, decryption is defined as:

m = INTT(c1 ∗ r2 + c2︸︷︷︸I INTT

) mod q

Thus r2 can be expressed as:

r2 = (I INTT − c2) ∗ c−11 mod q


www.iaik.tugraz.at

Attack Strategy

Steps:

1. Single-trace TA on the INTT operation

2. Leakage combination via Belief Propagation (BP)

3. Key recovery via lattice decoding


www.iaik.tugraz.at

Step 1: Template Attack

Efficient SW implementation byde Clercq et al. [dCRVV15]

Texas Instruments MSP432(ARM Cortex-M4F)

EM-side-channel of powerregulation circuitry

Observed traces are expected tobe close to power consumption


www.iaik.tugraz.at


Target: Modular multiplication ineach butterfly

One factor of multiplication isalways known (ωx

n )

Additional exploitation of timinginformation

Goal: Probability distribution overeach observed coefficient

+x0,0x0,1 -x1,0x1,1


www.iaik.tugraz.at


Target: Modular multiplication ineach butterfly

One factor of multiplication isalways known (ωx

n )

Additional exploitation of timinginformation

Goal: Probability distribution overeach observed coefficient

+x0,0x0,1 -+

--

+x0,2x0,3 -

+x1,0x1,1x1,2x1,3


www.iaik.tugraz.at

Step 2: Belief Propagation

Iterative algorithm

Calculate marginal distributions

Combine leakage information

Usage in SCA first proposed byVeyrat-Charvillon [VGS14]

+x0,0x0,1 -ω n0 x1,0x1,1PrimasCHES 2017, September 2817

www.iaik.tugraz.at


Iterative algorithm





www.iaik.tugraz.at


Considerations:

Uneven distribution of side-channel information

Bad TA performance in first layer (ω0n = 1)

Layer Index1 2 3 4 5 6 7 8

Var

iable

Index

0

32

64

96

128

160

192

224

255

MUL No MUL


www.iaik.tugraz.at


Solution:

Perform BP on 3 Sub-Networks:

Ignore areas with:

No / little side-channel information

Comparably noisy side-channel information

Not all inputs can be recovered→ Step 3:

Layer Index1 2 3 4 5 6 7 8

Var

iable

Index

0

32

64

96

128

160

192

224

255

FG 1 FG 2 FG 3


www.iaik.tugraz.at


Iteration 0

Layer Index2 3 4 5 6 7 8

Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 1


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 2


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 3


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 4


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 5


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 6


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 7


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 8


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 9


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 10


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 11


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 12


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 13


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 14


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 15


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 16


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 17


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 18


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration 19


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Iteration ≥ 20


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at


Still a lot of uncertainty in the input layerof all 3 Sub-Networks...

We can exploit linearity of INTTto recover 192/256 inputs

Brute forcing the remaining coefficientsis still infeasible:

768164 ≈ 2826

Full key recovery still possible!


Var

iable

Index

0

32

64

96

127

Entropy0 13


www.iaik.tugraz.at

Step 3: Key Recovery

Setup equation system that relates the 192 recoveredcoefficients to the private key r2

Combine the equation system with the public key

Recover r2 by solving a reduced rank (256− 192 = 64) SVP problem

BKZ Basis Reduction

Success rate of lattice decoding is 1


www.iaik.tugraz.at

Attack on masked implementation

Proposed by Reparaz [RRdC+16]

Private key r2 is split into r ′2 and r ′′2 s.t.:

r2 = r ′2 + r ′′2 mod q

Recover 192 coefficients of one layerfor both INTTs

Perform pairwise addition of coefficients

Proceed with Step 3 in unmaskedscenario


www.iaik.tugraz.at

Results

Step 1: Obtain leakage of intermediate coefficients

Step 2: Reliable recovery of coefficients in Sub-Networks

Step 3: Lattice-decoding success rate is 1

⇒ Attack success rate is 1

Same holds for masked implementations

Also evaluated for simulated noisy-HW leakage model


S C I E N C E P A S S I O N T E C H N O L O G Y

www.iaik.tugraz.at

Single-Trace Side-Channel Attacks onMasked Lattice-Based EncryptionRobert Primas, Peter Pessl, Stefan MangardIAIK, Graz University of Technology, Austria

CHES 2017, September 28

www.iaik.tugraz.at

Bibliography I

[dCRVV15] Ruan de Clercq, Sujoy Sinha Roy, Frederik Vercauteren, and Ingrid Verbauwhede. Efficient software implementation of ring-lweencryption. In Wolfgang Nebel and David Atienza, editors, DATE 2015, pages 339–344. ACM, 2015.

[LPR10] Vadim Lyubashevsky, Chris Peikert, and Oded Regev. On ideal lattices and learning with errors over rings. In Henri Gilbert, editor,EUROCRYPT 2010, volume 6110 of LNCS, pages 1–23. Springer, 2010.

[RRdC+16] Oscar Reparaz, Sujoy Sinha Roy, Ruan de Clercq, Frederik Vercauteren, and Ingrid Verbauwhede. Masking ring-lwe. J. CryptographicEngineering, 6(2):139–153, 2016. Extended journal version of [RRVV15].

[RRVV15] Oscar Reparaz, Sujoy Sinha Roy, Frederik Vercauteren, and Ingrid Verbauwhede. A masked ring-lwe implementation. In Tim Guneysuand Helena Handschuh, editors, CHES 2015, volume 9293 of LNCS, pages 683–702. Springer, 2015.

[VGS14] Nicolas Veyrat-Charvillon, Benoıt Gerard, and Francois-Xavier Standaert. Soft analytical side-channel attacks. In Palash Sarkar andTetsu Iwata, editors, ASIACRYPT 2014, volume 8873 of LNCS, pages 282–296. Springer, 2014.


Single-Trace Side-Channel Attacks on Masked …Single-Trace Side-Channel Attacks on Masked...

Documents

Transcript of Single-Trace Side-Channel Attacks on Masked …Single-Trace Side-Channel Attacks on Masked...