More Practical Single-Trace Attacks on the Number Theoretic Transform - PowerPoint PPT Presentation

SLIDE 1

SCIENCE PASSION TECHNOLOGY

More Practical Single-Trace Attacks on the Number Theoretic Transform

Peter Pessl, Robert Primas, Graz University of Technology, LATINCRYPT 2019, October 02

> www.iaik.tugraz.at

SLIDE 2

Public-Key Crypto and Side-Channel Attacks

[Figure: power consumption trace of RSA decryption, annotated with the bit sequence 1 0 0 1 1 0 0 0 1 0 0 1 1 0 0 0]

Single-trace attacks are still a prime threat!

Peter Pessl, Graz University of Technology, LATINCRYPT 2019, October 02
slide-6
SLIDE 6

www.iaik.tugraz.at

But RSA is old news anyway. . .

Lattice-based cryptography

promising post-quantum replacement implementations: fast and constant time / control flow

Do we still need to worry about single-trace attacks?

no more instruction leakage protection efforts towards differential (multi-trace) attacks

Peter Pessl, Graz University of Technolgy LATINCRYPT 2019, October 02 3

slide-7
SLIDE 7

www.iaik.tugraz.at

But RSA is old news anyway. . .

Lattice-based cryptography

promising post-quantum replacement implementations: fast and constant time / control flow

Do we still need to worry about single-trace attacks?

no more instruction leakage protection efforts towards differential (multi-trace) attacks

Peter Pessl, Graz University of Technolgy LATINCRYPT 2019, October 02 3

SLIDE 8

Previously: yes, but

Our previous work: single-trace attack on the NTT
  • Number Theoretic Transform, common in many lattice schemes
  • combine template attacks (device profiling) with belief propagation

But...
  • attacked a variable-time implementation
  • large templating effort (≈ a million multivariate templates)

Can we do better?

SLIDE 11

Our Contribution

Improve upon previous attack
  • several improvements to belief propagation in this context
  • change targets: encryption instead of decryption

Attack constant-time ASM-optimized Kyber implementation
  • massively reduced templating effort

SLIDE 13

Lattice-based Encryption (LPR, NewHope, Kyber, ...)

"Noisy ElGamal" with polynomials in Z_q[x]/(x^n + 1)

Key Generation:
  • generate small error polynomials s, e
  • t = a · s + e
  • pk = (a, t), sk = s

Encryption:
  • generate small error polynomials r, e1, e2
  • c1 = a · r + e1
  • c2 = t · r + e2 + m

Decryption:
  • m ≈ c2 − s · c1

SLIDE 17

Number Theoretic Transform

Naive polynomial multiplication: O(n²)

Better: Number Theoretic Transform (NTT)
  • ≈ FFT in Z_q[x], runtime O(n log n)
  • pointwise multiplication of NTT-transformed polynomials: a · b = INTT(NTT(a) ∘ NTT(b))

SLIDE 19

Butterfly

[Figure: one butterfly with inputs y0, y1, twiddle factor g and outputs ŷ0, ŷ1]

Butterfly = 2-coefficient NTT

SLIDE 20

Butterfly Network

[Figure: four butterflies in two stages with their twiddle factors, mapping y0, y1, y2, y3 to ŷ0, ŷ1, ŷ2, ŷ3]

4-coefficient NTT
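The butterfly and the pointwise-product identity from the NTT slides, worked through as an added example (not code from the talk or from any Kyber implementation): a radix-2 NTT over the toy ring Z_17[x]/(x^8 + 1), built from the butterfly ŷ0 = y0 + g·y1, ŷ1 = y0 − g·y1 and checked against the O(n²) schoolbook product. The parameters Q = 17, N = 8 and PSI = 3 are assumptions chosen for size, not values from the slides.

```python
# Added example, not from the talk: radix-2 NTT built from the butterfly on the
# slide (ŷ0 = y0 + g·y1, ŷ1 = y0 − g·y1) over the toy ring Z_17[x]/(x^8 + 1).
# Assumed toy parameters: Q = 17, N = 8, PSI = 3 (primitive 16th root of unity
# mod 17, so PSI^8 = -1 and OMEGA = PSI^2 has order 8).
Q, N, PSI = 17, 8, 3
OMEGA = PSI * PSI % Q

def butterfly(y0, y1, g):
    """The 2-coefficient NTT: (y0 + g*y1, y0 - g*y1) mod Q."""
    t = g * y1 % Q
    return (y0 + t) % Q, (y0 - t) % Q

def _bit_reverse(a):
    bits = len(a).bit_length() - 1
    return [a[int(format(i, f"0{bits}b")[::-1], 2)] for i in range(len(a))]

def _ntt_cyclic(a, omega):
    """Iterative Cooley-Tukey NTT: bit-reversed input, natural-order output."""
    a = _bit_reverse(a)
    length = 2
    while length <= N:
        w_len = pow(omega, N // length, Q)      # twiddle step of this stage
        for start in range(0, N, length):
            w = 1
            for j in range(length // 2):
                i0, i1 = start + j, start + j + length // 2
                a[i0], a[i1] = butterfly(a[i0], a[i1], w)
                w = w * w_len % Q
        length *= 2
    return a

def ntt(a):
    """Negacyclic NTT: scale a_j by PSI^j, then cyclic NTT with OMEGA."""
    return _ntt_cyclic([a[j] * pow(PSI, j, Q) % Q for j in range(N)], OMEGA)

def intt(a_hat):
    """Inverse of ntt(): cyclic INTT, then undo the factor N and the PSI^j scaling."""
    a = _ntt_cyclic(a_hat, pow(OMEGA, -1, Q))
    n_inv = pow(N, -1, Q)
    return [a[j] * n_inv * pow(PSI, -j, Q) % Q for j in range(N)]

def polymul_ntt(a, b):
    """a · b = INTT(NTT(a) ∘ NTT(b)), the pointwise product from the slide."""
    return intt([x * y % Q for x, y in zip(ntt(a), ntt(b))])

def polymul_schoolbook(a, b):
    """O(n^2) reference product in Z_Q[x]/(x^N + 1); x^N wraps around to -1."""
    c = [0] * N
    for i in range(N):
        for j in range(N):
            k = i + j
            sign = 1 if k < N else -1
            c[k % N] = (c[k % N] + sign * a[i] * b[j]) % Q
    return c
```

Every multiplication in `_ntt_cyclic` goes through `butterfly`, so the loads and stores of `a[i0]`, `a[i1]` are exactly the values the talk later profiles with Hamming-weight templates.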

SLIDE 21

Previous Single-Trace Attack on the NTT

Recover secret NTT input with:

1. Template matching
  • Profile the power consumption of the multiplication
  • Match profiles (templates) to obtain a probability distribution

[Figure: butterfly with inputs y0, y1, twiddle g and outputs ŷ0, ŷ1]

SLIDE 25

Previous Single-Trace Attack on the NTT

Recover secret NTT input with:

2. Belief propagation
  • Represent the NTT with a graphical model
  • Pass beliefs along edges and update
  • Repeat until convergence is reached

[Figure: the butterfly as a factor graph: variable nodes y0, y1, ŷ0, ŷ1, the twiddle multiplication g, and the factor nodes add and sub]

SLIDE 34

Practicality?

Evaluation on non-constant-time implementation
  • timing information not needed per se... but still aids attacks

Requires powerful attacker
  • ≈ 1 million input combinations for modular multiplication
  • each one requires a multivariate template... very high templating effort

SLIDE 36

Decreased Templating Effort

Previously
  • Target multiplication
  • 1 million multivariate templates

Now
  • Target memory loads and stores
  • 14 univariate Hamming-weight templates

[Figure: butterfly diagram (y0, y1, g, ŷ0, ŷ1) shown for both cases]

SLIDE 39

Are we done?

no timing information + simpler templates
  • attack fails!

SLIDE 41

Changing Targets

Decryption
  • m ≈ c2 − INTT(NTT(s) ∘ NTT(c1))
  • Recover INTT input, compute s
  • INTT input: [0, q − 1]^n

Encryption
  • c1 = INTT(NTT(a) ∘ NTT(r)) + e1
  • Recover r, compute m ≈ c2 − t · r
  • r is small: e.g., [−2, 2]^n

Attack simulations already work, but we can do better...
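The "noisy ElGamal" scheme from the Lattice-based Encryption slide and the point of the Changing Targets slide, as one added example (not code from the talk or from any Kyber implementation): key generation, encryption and decryption in Z_Q[x]/(x^N + 1), plus `message_from_r`, which shows that the small randomness r alone yields m ≈ c2 − t·r without the secret key, while the decryption-side INTT input s·c1 is a full-range value in [0, Q−1]^N. N = 8, Q = 3329 (Kyber's modulus, used only so the noise stays far below Q/4) and the seed are assumptions; the error range [−2, 2] is the slide's example.

```python
# Added example, not from the talk: the "noisy ElGamal" scheme of the LPR slide
# in Z_Q[x]/(x^N + 1), plus the "Changing Targets" point that the small
# randomness r alone gives m ≈ c2 − t·r, whereas the decryption-side INTT
# input s·c1 ranges over all of [0, Q-1]^N.
# Assumed toy parameters: N = 8, Q = 3329, error coefficients in [-2, 2].
import random

N, Q, ETA = 8, 3329, 2
rng = random.Random(2019)        # fixed seed: the example is reproducible

def polymul(a, b):
    """Schoolbook product in Z_Q[x]/(x^N + 1); x^N wraps around to -1."""
    c = [0] * N
    for i in range(N):
        for j in range(N):
            k = i + j
            sign = 1 if k < N else -1
            c[k % N] = (c[k % N] + sign * a[i] * b[j]) % Q
    return c

def add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]

def sub(a, b):
    return [(x - y) % Q for x, y in zip(a, b)]

def small_poly():
    """Small error polynomial with coefficients in [-ETA, ETA]."""
    return [rng.randint(-ETA, ETA) for _ in range(N)]

def keygen():
    a = [rng.randrange(Q) for _ in range(N)]
    s, e = small_poly(), small_poly()
    return (a, add(polymul(a, s), e)), s     # pk = (a, t = a·s + e), sk = s

def encode(bits):
    """Bit -> 0 or round(Q/2): the largest gap the decryption noise has to cross."""
    return [b * ((Q + 1) // 2) for b in bits]

def decode(poly):
    """Coefficient closer to Q/2 than to 0 or Q -> bit 1."""
    return [1 if Q // 4 <= v <= 3 * Q // 4 else 0 for v in poly]

def encrypt(pk, bits):
    a, t = pk
    r, e1, e2 = small_poly(), small_poly(), small_poly()
    c1 = add(polymul(a, r), e1)                         # c1 = a·r + e1
    c2 = add(add(polymul(t, r), e2), encode(bits))      # c2 = t·r + e2 + m
    return (c1, c2), r      # r is returned only so message_from_r can be demonstrated

def decrypt(sk, ct):
    c1, c2 = ct
    return decode(sub(c2, polymul(sk, c1)))             # m ≈ c2 − s·c1

def message_from_r(pk, ct, r):
    """Encryption-side target: with the small r, m ≈ c2 − t·r and s is never needed."""
    return decode(sub(ct[1], polymul(pk[1], r)))
```

Because `message_from_r` needs nothing but public data and r, an implementation has to protect the encryption randomness r as carefully as the decryption key s.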

SLIDE 45

Belief Propagation and Loops

Information flow: x1 → x0, x0 → x1
  • Positive feedback loop
  • Overconfidence, non-convergence
  • short loop, deterministic operations

[Figure: factor graph of the butterfly: variable nodes y0, y1, ŷ0, ŷ1, twiddle multiplication g, factor nodes add and sub]

SLIDE 49

Butterfly Factors

[Figure: the butterfly as separate add and sub factors with the twiddle multiplication g, next to the same butterfly merged into a single factor node bf with inputs y0, y1 and outputs ŷ0, ŷ1]

SLIDE 52

Still...

[Figure: NTT with 4 coefficients as a factor graph of four bf factor nodes, each with its twiddle g, connecting y0, y1, y2, y3 to ŷ0, ŷ1, ŷ2, ŷ3]

NTT with 4 coefficients

Still, shortest loops eliminated

SLIDE 55

Attack Simulations

Leakage simulations
  • Hamming-weight with Gaussian noise
  • Tripling of σ² (SNR)

[Figure: simulation results plot; axis ticks 0.5 to 2.5 and 0.5 to 1]
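A leakage simulation in the style of the Attack Simulations slide, written here as an added example (not the talk's own code) that also illustrates the Butterfly Factors slides: one NTT butterfly is treated as a single bf factor, its four loaded and stored values leak as Hamming weight plus Gaussian noise, each value is matched with a univariate HW template, and exact inference on the factor gives the posterior that belief propagation would pass back along the y0 and y1 edges. Q = 17, G = 3 and the noise levels are assumptions chosen for size; the code is meant for checking how much a butterfly reveals under this model, which is what an implementer evaluating a countermeasure needs.

```python
# Added example, not from the talk: leakage simulation for one NTT butterfly,
# treated as a single "bf" factor. The four values it loads and stores (y0, y1,
# ŷ0, ŷ1) leak as HW(v) + N(0, sigma^2) and are matched with univariate
# Hamming-weight templates; exact inference on the factor then gives the
# posterior the belief-propagation graph sends back along its edges.
# Assumed toy parameters: Q = 17 and twiddle G = 3 (not values from the talk).
import math
import random

Q, G = 17, 3
VALS = range(Q)

def hw(v):
    return bin(v).count("1")

def butterfly(y0, y1):
    t = G * y1 % Q
    return (y0 + t) % Q, (y0 - t) % Q          # (ŷ0, ŷ1)

def simulate_leaks(y0, y1, sigma, seed):
    """One simulated trace: noisy HW of the two loads and the two stores."""
    rng = random.Random(seed)
    return [hw(v) + rng.gauss(0, sigma) for v in (y0, y1, *butterfly(y0, y1))]

def template_match(leak, sigma):
    """Univariate HW template: P(v | leak) ∝ exp(-(leak - HW(v))^2 / (2 sigma^2))."""
    w = [math.exp(-((leak - hw(v)) ** 2) / (2 * sigma * sigma)) for v in VALS]
    z = sum(w)
    return [x / z for x in w]

def bf_posterior(leaks, sigma):
    """Exact inference on the butterfly factor:
    P(y0, y1 | trace) ∝ P(y0) P(y1) P(ŷ0 = y0 + G y1) P(ŷ1 = y0 - G y1).
    add and sub are handled jointly, so there is no short add/sub loop."""
    p0, p1, p2, p3 = (template_match(l, sigma) for l in leaks)
    joint = {}
    for y0 in VALS:
        for y1 in VALS:
            h0, h1 = butterfly(y0, y1)
            joint[(y0, y1)] = p0[y0] * p1[y1] * p2[h0] * p3[h1]
    z = sum(joint.values())
    return {k: v / z for k, v in joint.items()}

def marginal(post, index):
    """Belief over y0 (index 0) or y1 (index 1): the message sent back on that edge."""
    out = [0.0] * Q
    for pair, p in post.items():
        out[pair[index]] += p
    return out

def entropy_bits(dist):
    """Remaining uncertainty; log2(Q) ≈ 4.09 bits means the trace revealed nothing."""
    return -sum(p * math.log2(p) for p in dist if p > 0)

def candidates(post, true_pair):
    """Number of (y0, y1) pairs at least as likely as the true one."""
    return sum(1 for p in post.values() if p >= post[true_pair])
```

Raising the noise sigma in `simulate_leaks` and `template_match` flattens the posterior, which is the effect the slide's σ² sweep measures; with the real NTT, the marginals from one bf factor become the input beliefs of the neighbouring factors.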

SLIDE 56

Attacking a Real Device

Power Analysis of an ARM Cortex-M4
  • ASM-optimized constant-time Kyber
  • Profiling: 213 univariate HW templates
  • Attack: matching and run BP
  • Lattice reduction for error correction
  • Overall success rate: 95%

SLIDE 57

More Results

Analyzed masking countermeasure
  • adaptation required
  • attacks still possible, but at much lower noise

Analysis of implementation techniques
  • lazy reductions, larger input ranges
  • reflect implementation techniques in the graph

SLIDE 60

SCIENCE PASSION TECHNOLOGY

More Practical Single-Trace Attacks on the Number Theoretic Transform

Peter Pessl, Robert Primas, Graz University of Technology, LATINCRYPT 2019, October 02

> www.iaik.tugraz.at