Single-Trace Side-Channel Attacks on Masked Lattice-Based Encryption
www.iaik.tugraz.at
Single-Trace Side-Channel Attacks on Masked Lattice-Based Encryption
Robert Primas, Peter Pessl, Stefan Mangard
IAIK, Graz University of Technology, Austria
CHES 2017, September 28
Outlook
Single-trace SCA on masked asymmetric lattice-based encryption
Combination of template attack (TA) with:
Belief Propagation
Lattice Decoding
⇒ Full private key recovery
PrimasCHES 2017, September 282
Motivation
Lattice-based cryptography is a promising PQ candidate
Quantum computer resistant
Many efficient schemes available
Not a lot of analysis of implementation security
⇒ First single-trace SCA for lattice-based crypto
Ring-LWE Encryption
Proposed by Lyubashevsky, Peikert and Regev [LPR10]
Based on the Learning with Errors problem
Operates on polynomials in the ring Z_q[x]/(x^n + 1)
In our setting: q = 7681, n = 256
Ring-LWE Encryption
(all calculations are in Z_q[x]/(x^n + 1))
Alice holds the private key r2 and publishes the public key (a, p).
Bob has the encoded message m and samples e1, e2, e3 ← X^n.
Bob sends Alice:
c1 = a·e1 + e2          (ciphertext 1)
c2 = p·e1 + e3 + m      (ciphertext 2)
Ring-LWE Decryption
(all calculations are in Z_q[x]/(x^n + 1))
Alice computes m = c1·r2 + c2
⇒ Inefficient: > O(n^2) due to polynomial division
Number Theoretic Transform (NTT)
Efficient polynomial multiplication in certain rings, e.g. Z_q[x]/(x^n + 1)
Similar to the FFT: ab = INTT( NTT(a) ∗ NTT(b) )
Features a butterfly network
NTT - Butterfly
2 coefficients (figure: one butterfly; inputs x_{0,0}, x_{0,1}; x_{0,1} is multiplied by the twiddle factor ω_n^0; outputs x_{1,0} (+) and x_{1,1} (−))
NTT - Butterfly Network
4 coefficients (figure: two butterfly layers mapping inputs x_{0,0} … x_{0,3} via x_{1,0} … x_{1,3} to outputs x_{2,0} … x_{2,3})
NTT - Butterfly Network
256 coefficients (figure: the same network grown to 8 layers, with the twiddle factors ω_n^0, ω_n^1, … labelled on the butterflies)
Efficient Ring-LWE Decryption
(all calculations are in Z_q[x]/(x^n + 1); x̂ denotes the NTT transform of x)
Alice computes
m = c1·r2 + c2
m = INTT( ĉ1 ∗ r̂2 + ĉ2 )
⇒ Faster: O(n log n)
Attack Idea
(* marks public values; x̂ denotes the NTT transform of x)
Given the ciphertext (c1, c2) and private key r2, decryption is defined as:
m = INTT( ĉ1 ∗ r̂2 + ĉ2 ) mod q, where I_INTT := ĉ1 ∗ r̂2 + ĉ2 is the input to the INTT
Thus r̂2 can be expressed as:
r̂2 = (I_INTT − ĉ2) ∗ ĉ1^(−1) mod q
Attack Strategy
Steps:
1. Single-trace TA on the INTT operation
2. Leakage combination via Belief Propagation (BP)
3. Key recovery via lattice decoding
Step 1: Template Attack
Efficient SW implementation by de Clercq et al. [dCRVV15]
Texas Instruments MSP432 (ARM Cortex-M4F)
EM side-channel of the power regulation circuitry
Observed traces are expected to be close to power consumption
Step 1: Template Attack
Target: modular multiplication in each butterfly
One factor of the multiplication is always known (ω_n^x)
Additional exploitation of timing information
Goal: probability distribution over each observed coefficient
(Figure: one butterfly with inputs x_{0,0}, x_{0,1} and outputs x_{1,0}, x_{1,1})
Step 2: Belief Propagation
Iterative algorithm
Calculate marginal distributions
Combine leakage information
Usage in SCA first proposed by Veyrat-Charvillon [VGS14]
(Figure: one butterfly with twiddle factor ω_n^0)
Step 2: Belief Propagation
Considerations:
Uneven distribution of side-channel information
Bad TA performance in first layer (ω_n^0 = 1)
(Figure: map over layer index 1–8 and variable index 0–255 marking where a modular multiplication happens (MUL) and where it does not (No MUL))
Step 2: Belief Propagation
Solution:
Perform BP on 3 Sub-Networks:
Ignore areas with:
No / little side-channel information
Comparably noisy side-channel information
Not all inputs can be recovered → Step 3
(Figure: the three sub-networks FG 1, FG 2, FG 3 over layer index 1–8 and variable index 0–255)
Step 2: Belief Propagation
Iterations 0, 1, 2, …, 19 and ≥ 20
(Figure, one per iteration: entropy (scale 0–13) of each variable over layer index 2–8 and variable index 0–127)
Step 2: Belief Propagation
Still a lot of uncertainty in the input layer of all 3 sub-networks...
We can exploit the linearity of the INTT to recover 192/256 inputs
Brute forcing the remaining coefficients is still infeasible:
7681^64 ≈ 2^826
Full key recovery still possible!
(Figure: entropy (scale 0–13) over layer index 2–8 and variable index 0–127 after BP)
Step 3: Key Recovery
Set up an equation system that relates the 192 recovered coefficients to the private key r2
Combine the equation system with the public key
Recover r2 by solving a reduced-rank (256 − 192 = 64) SVP problem
BKZ Basis Reduction
Success rate of lattice decoding is 1
Attack on masked implementation
Proposed by Reparaz [RRdC+16]
Private key r2 is split into r2′ and r2″ s.t.:
r2 = r2′ + r2″ mod q
Recover 192 coefficients of one layer for both INTTs
Perform pairwise addition of coefficients
Proceed with Step 3 as in the unmasked scenario
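As an added example (not the authors' code nor the de Clercq et al. implementation), the following Python builds the negacyclic NTT/INTT for the talk's parameters q = 7681, n = 256 in a textbook decimation-in-time butterfly layout, checks INTT(NTT(a) ∗ NTT(b)) against a schoolbook product in Z_q[x]/(x^n + 1), counts per INTT layer the butterflies whose only twiddle factor is ω_n^0 = 1 (the "No MUL" pattern behind the first-layer template problem), and confirms the linearity that lets the shares r2′ and r2″ be added pairwise. The butterfly ordering is an assumption: a real implementation may lay out its layers differently, so its MUL/No MUL map can differ from this one.

```python
"""Negacyclic NTT over Z_q[x]/(x^n + 1) with the talk's parameters q = 7681, n = 256.
Constructed example, not the authors' code: a textbook iterative Cooley-Tukey butterfly
network that also reports which butterflies carry a modular multiplication (the layer
structure the talk's template attack and belief propagation are organised around).
"""

Q = 7681
N = 256


def primitive_2n_root(q: int, n: int) -> int:
    """Return psi with psi^n = -1 mod q, a primitive 2n-th root of unity."""
    assert (q - 1) % (2 * n) == 0, "2n must divide q - 1 for a negacyclic NTT"
    for g in range(2, q):
        psi = pow(g, (q - 1) // (2 * n), q)
        if pow(psi, n, q) == q - 1:
            return psi
    raise ValueError("no primitive 2n-th root of unity")


PSI = primitive_2n_root(Q, N)
OMEGA = PSI * PSI % Q  # primitive n-th root of unity


def bit_reverse(a: list) -> list:
    """Permute a (length a power of two) into bit-reversed index order."""
    bits = len(a).bit_length() - 1
    return [a[int(f"{i:0{bits}b}"[::-1], 2)] for i in range(len(a))]


def butterfly_network(a: list, omega: int):
    """Decimation-in-time transform in log2(N) butterfly layers.

    Returns (output, per-layer count of butterflies whose twiddle factor is
    omega^0 = 1, i.e. butterflies that perform no modular multiplication).
    """
    a = bit_reverse(a)
    no_mul, length = [], 2
    while length <= N:
        w_len = pow(omega, N // length, Q)  # primitive length-th root of unity
        count = 0
        for start in range(0, N, length):
            w = 1
            for j in range(length // 2):
                u, v = a[start + j], a[start + j + length // 2] * w % Q
                a[start + j] = (u + v) % Q
                a[start + j + length // 2] = (u - v) % Q
                count += w == 1
                w = w * w_len % Q
        no_mul.append(count)
        length *= 2
    return a, no_mul


def ntt(a: list) -> list:
    """Forward negacyclic transform: twist by psi^j, then a cyclic NTT."""
    pre = [a[j] * pow(PSI, j, Q) % Q for j in range(N)]
    return butterfly_network(pre, OMEGA)[0]


def intt(a_hat: list) -> list:
    """Inverse transform, the operation the talk's single-trace attack targets."""
    out = butterfly_network(list(a_hat), pow(OMEGA, -1, Q))[0]
    n_inv, psi_inv = pow(N, -1, Q), pow(PSI, -1, Q)
    return [out[j] * n_inv % Q * pow(psi_inv, j, Q) % Q for j in range(N)]


def schoolbook_negacyclic(a: list, b: list) -> list:
    """Reference product in Z_q[x]/(x^n + 1), where x^n wraps to -1."""
    res = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k = i + j
            if k < N:
                res[k] = (res[k] + ai * bj) % Q
            else:
                res[k - N] = (res[k - N] - ai * bj) % Q
    return res


def ntt_mul(a: list, b: list) -> list:
    """ab = INTT(NTT(a) * NTT(b)), as on the NTT slide."""
    return intt([x * y % Q for x, y in zip(ntt(a), ntt(b))])


def no_mul_butterflies_per_layer() -> list:
    """Per INTT layer 1..8: how many of the N/2 butterflies multiply by 1 only
    (layer 1 has no multiplication at all, hence the talk's poor templates there)."""
    return butterfly_network([0] * N, pow(OMEGA, -1, Q))[1]


def masked_ntt_consistent(r2_a: list, r2_b: list) -> bool:
    """Masking slide: r2 = r2' + r2'' mod q. The NTT is linear, so the two
    NTT-domain shares add up to NTT(r2) coefficient by coefficient."""
    r2 = [(x + y) % Q for x, y in zip(r2_a, r2_b)]
    return [(x + y) % Q for x, y in zip(ntt(r2_a), ntt(r2_b))] == ntt(r2)
```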
Results
Step 1: Obtain leakage of intermediate coefficients
Step 2: Reliable recovery of coefficients in Sub-Networks
Step 3: Lattice-decoding success rate is 1
⇒ Attack success rate is 1
Same holds for masked implementations
Also evaluated for simulated noisy-HW leakage model
Bibliography I
[dCRVV15] Ruan de Clercq, Sujoy Sinha Roy, Frederik Vercauteren, and Ingrid Verbauwhede. Efficient software implementation of ring-LWE encryption. In Wolfgang Nebel and David Atienza, editors, DATE 2015, pages 339–344. ACM, 2015.
[LPR10] Vadim Lyubashevsky, Chris Peikert, and Oded Regev. On ideal lattices and learning with errors over rings. In Henri Gilbert, editor, EUROCRYPT 2010, volume 6110 of LNCS, pages 1–23. Springer, 2010.
[RRdC+16] Oscar Reparaz, Sujoy Sinha Roy, Ruan de Clercq, Frederik Vercauteren, and Ingrid Verbauwhede. Masking ring-LWE. J. Cryptographic Engineering, 6(2):139–153, 2016. Extended journal version of [RRVV15].
[RRVV15] Oscar Reparaz, Sujoy Sinha Roy, Frederik Vercauteren, and Ingrid Verbauwhede. A masked ring-LWE implementation. In Tim Güneysu and Helena Handschuh, editors, CHES 2015, volume 9293 of LNCS, pages 683–702. Springer, 2015.
[VGS14] Nicolas Veyrat-Charvillon, Benoît Gérard, and François-Xavier Standaert. Soft analytical side-channel attacks. In Palash Sarkar and Tetsu Iwata, editors, ASIACRYPT 2014, volume 8873 of LNCS, pages 282–296. Springer, 2014.