Single-Trace Side-Channel Attacks on Masked Lattice-Based Encryption (PowerPoint presentation transcript)

SLIDE 1

SCIENCE PASSION TECHNOLOGY, www.iaik.tugraz.at

Single-Trace Side-Channel Attacks on Masked Lattice-Based Encryption

Robert Primas, Peter Pessl, Stefan Mangard

IAIK, Graz University of Technology, Austria

CHES 2017, September 28

SLIDE 2-3

Outlook

Single-trace SCA on masked asymmetric lattice-based encryption
Combination of a template attack (TA) with:
  • Belief Propagation
  • Lattice Decoding
⇒ Full private key recovery

Primas, CHES 2017, September 28

SLIDE 4-5

Motivation

Lattice-based cryptography is a promising PQ candidate:
  • Quantum computer resistant
  • Many efficient schemes available
Not a lot of analysis of implementation security
⇒ First single-trace SCA for lattice-based crypto

SLIDE 6

Ring-LWE Encryption

Proposed by Lyubashevsky, Peikert and Regev [LPR10]
Based on the Learning with Errors problem
Operates on polynomials in the ring Z_q[x]/(x^n + 1)
In our setting: q = 7681, n = 256

SLIDE 7-10

Ring-LWE Encryption

(all calculations are in Z_q[x]/(x^n + 1))

Alice holds the private key r2 and the public key (a, p); Bob holds the encoded message m.

Bob samples e1, e2, e3 ← X^n and computes:
  c1 = a·e1 + e2          (ciphertext 1)
  c2 = p·e1 + e3 + m      (ciphertext 2)
and sends c1 and c2 to Alice.

SLIDE 11-12

Ring-LWE Decryption

(all calculations are in Z_q[x]/(x^n + 1))

Alice computes m = c1·r2 + c2
⇒ Inefficient: > O(n^2) due to polynomial division

SLIDE 13

Number Theoretic Transform (NTT)

Efficient polynomial multiplication in certain rings, e.g. Z_q[x]/(x^n + 1)
Similar to the FFT: a·b = INTT( NTT(a) ∗ NTT(b) ), where ∗ is the coefficient-wise product
Features a butterfly network

SLIDE 14

NTT - Butterfly

[Figure: a 2-coefficient butterfly. Inputs x_{0,0} and x_{0,1}; one input is multiplied by the twiddle factor ω_n, and the pair is combined with additions (+) into the outputs x_{1,0} and x_{1,1}. The first index is the layer, the second the coefficient.]

SLIDE 15

NTT - Butterfly Network

[Figure: a 4-coefficient butterfly network with two layers of butterflies, mapping the inputs x_{0,0..3} via the intermediate values x_{1,0..3} to the outputs x_{2,0..3}.]

SLIDE 16

NTT - Butterfly Network

[Figure: the same structure for 256 coefficients; the multiplications in each layer use twiddle factors that are powers ω_n^i of ω_n.]

SLIDE 17-18

Efficient Ring-LWE Decryption

(all calculations are in Z_q[x]/(x^n + 1); x̃ denotes the NTT transform of x)

Alice computes:
  m = c1·r2 + c2
  m = INTT( c̃1 ∗ r̃2 + c̃2 )
⇒ Faster: O(n log n)

SLIDE 19-20

Attack Idea

(x̃ denotes the NTT transform of x; the ciphertext is public)

Given the ciphertext (c̃1, c̃2) and the private key r̃2, decryption is defined as:
  m = INTT( c̃1 ∗ r̃2 + c̃2 ) mod q
where the term c̃1 ∗ r̃2 + c̃2 is the input of the INTT, denoted IINTT.
Thus r̃2 can be expressed as:
  r̃2 = (IINTT − c̃2) ∗ c̃1^(-1) mod q
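As an added example (not the authors' code), the following Python implements Ring-LWE over Z_q[x]/(x^n + 1) with q = 7681, n = 256 and a negacyclic NTT built from the butterfly of slides 14-16, and checks the identity of slide 20: from the public ciphertext and the INTT input, every coefficient of r̃2 follows by one modular division, which is why that intermediate value has to be protected. Assumptions: LPR-style key generation p = r1 − a·r2 (not shown on the slides), a constructed small-coefficient stand-in for the error distribution X, and function names of my own choosing.

```python
# Added example, not the authors' code: Ring-LWE over Z_q[x]/(x^n + 1) with a
# negacyclic NTT, checking the slide-20 identity r2~ = (IINTT - c2~) * c1~^(-1).
import random
Q, N = 7681, 256
PSI = next(c for c in range(2, Q) if pow(c, N, Q) == Q - 1)  # psi^n = -1: primitive 2n-th root
OMEGA, PSI_INV, N_INV = PSI * PSI % Q, pow(PSI, Q - 2, Q), pow(N, Q - 2, Q)
def dft(a, w):                                   # recursive Cooley-Tukey with root of unity w
    if len(a) == 1:
        return a
    ev, od = dft(a[0::2], w * w % Q), dft(a[1::2], w * w % Q)
    out, tw, half = [0] * len(a), 1, len(a) // 2
    for k in range(half):                        # butterfly: ev_k + w^k*od_k, ev_k - w^k*od_k
        out[k], out[k + half] = (ev[k] + tw * od[k]) % Q, (ev[k] - tw * od[k]) % Q
        tw = tw * w % Q
    return out

def ntt(poly):                                   # twist by psi^j so pointwise products act mod x^n + 1
    return dft([c * pow(PSI, j, Q) % Q for j, c in enumerate(poly)], OMEGA)
def intt(vec):                                   # inverse DFT, then scale by 1/n and untwist
    return [c * N_INV * pow(PSI_INV, j, Q) % Q for j, c in enumerate(dft(vec, pow(OMEGA, Q - 2, Q)))]
def pointwise(x, y): return [u * v % Q for u, v in zip(x, y)]
def polymul(x, y): return intt(pointwise(ntt(x), ntt(y)))
def small(rng): return [rng.randint(-2, 2) % Q for _ in range(N)]  # constructed stand-in for X
def keygen(rng):                                 # assumed LPR convention: p = r1 - a*r2, private key r2
    a, r1, r2 = [rng.randrange(Q) for _ in range(N)], small(rng), small(rng)
    return (a, [(x - y) % Q for x, y in zip(r1, polymul(a, r2))]), r2

def encrypt(pk, bits, rng):                      # slides 9-10; bit 1 is encoded as q/2
    (a, p), e1, e2, e3 = pk, small(rng), small(rng), small(rng)
    c1 = [(x + y) % Q for x, y in zip(polymul(a, e1), e2)]
    c2 = [(x + y + b * (Q // 2)) % Q for x, y, b in zip(polymul(p, e1), e3, bits)]
    return c1, c2
def decrypt(r2, c1, c2):                         # slide 17: m = INTT(c1~ * r2~ + c2~)
    iintt = [(x + y) % Q for x, y in zip(pointwise(ntt(c1), ntt(r2)), ntt(c2))]
    return [1 if Q // 4 < c < 3 * Q // 4 else 0 for c in intt(iintt)], iintt

def key_from_intt_input(iintt, c1, c2):          # slide 20, one coefficient at a time
    c1n, c2n = ntt(c1), ntt(c2)                  # positions where c1~ is 0 are not invertible: None
    return [None if c1n[i] == 0 else (iintt[i] - c2n[i]) * pow(c1n[i], Q - 2, Q) % Q
            for i in range(N)]

def demo(seed=1):
    rng = random.Random(seed)
    pk, r2 = keygen(rng)
    bits = [rng.randint(0, 1) for _ in range(N)]
    c1, c2 = encrypt(pk, bits, rng)
    dec, iintt = decrypt(r2, c1, c2)
    guess, r2n = key_from_intt_input(iintt, c1, c2), ntt(r2)
    known = [i for i, g in enumerate(guess) if g is not None]
    return dec == bits, all(guess[i] == r2n[i] for i in known), len(known)
```

`demo()` returns whether decryption recovered the message bits, whether every invertible position of the reconstructed r̃2 matches the real one, and how many positions were invertible.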

SLIDE 21

Attack Strategy

Steps:
  1. Single-trace TA on the INTT operation
  2. Leakage combination via Belief Propagation (BP)
  3. Key recovery via lattice decoding

SLIDE 22

Step 1: Template Attack

Efficient SW implementation by de Clercq et al. [dCRVV15]
Texas Instruments MSP432 (ARM Cortex-M4F)
EM side-channel of the power regulation circuitry
Observed traces are expected to be close to the power consumption

SLIDE 23-24

Step 1: Template Attack

Target: modular multiplication in each butterfly
One factor of the multiplication is always known (ω_n^x)
Additional exploitation of timing information
Goal: probability distribution over each observed coefficient

[Figure: the 2-coefficient butterfly and the 4-coefficient butterfly network from slides 14-15, with the observed coefficients marked.]

SLIDE 25-29

Step 2: Belief Propagation

Iterative algorithm
Calculates marginal distributions
Combines leakage information
Usage in SCA first proposed by Veyrat-Charvillon et al. [VGS14]

[Figure: animation over the 2-coefficient butterfly (inputs x_{0,0}, x_{0,1}, twiddle factor ω_n, outputs x_{1,0}, x_{1,1}) illustrating how information propagates between the butterfly's variables.]

SLIDE 30

Step 2: Belief Propagation

Considerations:
  • Uneven distribution of side-channel information
  • Bad TA performance in the first layer (ω_n^0 = 1)

[Figure: grid of layer index 1..8 against variable index 0..255, marking for each butterfly whether it contains a multiplication (MUL) or not (No MUL).]

SLIDE 31

Step 2: Belief Propagation

Solution:
Perform BP on 3 sub-networks; ignore areas with:
  • No / little side-channel information
  • Comparably noisy side-channel information
Not all inputs can be recovered → Step 3

[Figure: the same layer/variable grid, with the three factor graphs FG 1, FG 2, FG 3 outlined.]

SLIDE 32-52

Step 2: Belief Propagation

[Figure: animation of BP iterations 0, 1, ..., 19 and ≥ 20. Each frame plots the remaining entropy (scale 0 to 13) of every variable over layer index 2..8 and variable index 0..127.]

SLIDE 53

Step 2: Belief Propagation

Still a lot of uncertainty in the input layer of all 3 sub-networks...
We can exploit the linearity of the INTT to recover 192/256 inputs
Brute forcing the remaining coefficients is still infeasible: 7681^64 ≈ 2^826
Full key recovery still possible!

[Figure: final entropy plot (layer index 2..8, variable index 0..127, entropy scale 0 to 13).]

SLIDE 54

Step 3: Key Recovery

Set up an equation system that relates the 192 recovered coefficients to the private key r2
Combine the equation system with the public key
Recover r2 by solving a reduced-rank (256 − 192 = 64) SVP problem
  • BKZ basis reduction
Success rate of lattice decoding is 1

SLIDE 55

Attack on masked implementation

Proposed by Reparaz et al. [RRdC+16]
Private key r2 is split into r2' and r2'' s.t.:
  r2 = r2' + r2'' mod q
Recover 192 coefficients of one layer for both INTTs
Perform pairwise addition of the coefficients
Proceed with Step 3 as in the unmasked scenario

SLIDE 56

Results

Step 1: Obtain leakage of intermediate coefficients
Step 2: Reliable recovery of coefficients in the sub-networks
Step 3: Lattice-decoding success rate is 1
⇒ Attack success rate is 1
Same holds for masked implementations
Also evaluated for a simulated noisy-HW leakage model

SLIDE 58

Bibliography I

[dCRVV15] Ruan de Clercq, Sujoy Sinha Roy, Frederik Vercauteren, and Ingrid Verbauwhede. Efficient software implementation of ring-LWE encryption. In Wolfgang Nebel and David Atienza, editors, DATE 2015, pages 339–344. ACM, 2015.

[LPR10] Vadim Lyubashevsky, Chris Peikert, and Oded Regev. On ideal lattices and learning with errors over rings. In Henri Gilbert, editor, EUROCRYPT 2010, volume 6110 of LNCS, pages 1–23. Springer, 2010.

[RRdC+16] Oscar Reparaz, Sujoy Sinha Roy, Ruan de Clercq, Frederik Vercauteren, and Ingrid Verbauwhede. Masking ring-LWE. J. Cryptographic Engineering, 6(2):139–153, 2016. Extended journal version of [RRVV15].

[RRVV15] Oscar Reparaz, Sujoy Sinha Roy, Frederik Vercauteren, and Ingrid Verbauwhede. A masked ring-LWE implementation. In Tim Güneysu and Helena Handschuh, editors, CHES 2015, volume 9293 of LNCS, pages 683–702. Springer, 2015.

[VGS14] Nicolas Veyrat-Charvillon, Benoît Gérard, and François-Xavier Standaert. Soft analytical side-channel attacks. In Palash Sarkar and Tetsu Iwata, editors, ASIACRYPT 2014, volume 8873 of LNCS, pages 282–296. Springer, 2014.