Skip to main content
SpringerLink
Log in

Defeating NewHope with a Single Trace

  • Conference paper
  • First Online:
Post-Quantum Cryptography (PQCrypto 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12100))

Included in the following conference series:

Abstract

The key encapsulation method “NewHope” allows two parties to agree on a secret key. The scheme includes a private and a public key. While the public key is used to encipher a random shared secret, the private key enables to decipher the ciphertext. NewHope is a candidate in the NIST post-quantum project, whose aim is to standardize cryptographic systems that are secure against attacks originating from both quantum and classical computers. While NewHope relies on the theory of quantum-resistant lattice problems, practical implementations have shown vulnerabilities against side-channel attacks targeting the extraction of the private key. In this paper, we demonstrate a new attack on the shared secret. The target consists of the C reference implementation as submitted to the NIST contest, being executed on a Cortex-M4 processor. Based on power measurement, the complete shared secret can be extracted from data of one single trace only. Further, we analyze the impact of different compiler directives. When the code is compiled with optimization turned off, the shared secret can be read from an oscilloscope display directly with the naked eye. When optimizations are enabled, the attack requires some more sophisticated techniques, but the attack still works on single power traces.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978). https://doi.org/10.1145/359340.359342

    Article  MathSciNet  MATH  Google Scholar 

  2. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997). https://doi.org/10.1137/S0097539795293172

    Article  MathSciNet  MATH  Google Scholar 

  3. Dyakonov, M.: The case against quantum computing. IEEE Spectr. 56(3), 24–29 (2019)

    Article  MathSciNet  Google Scholar 

  4. Mosca, M.: Cybersecurity in an era with quantum computers: will we be ready? IEEE Secur. Priv. 16(5), 38–41 (2018). https://doi.org/10.1109/MSP.2018.3761723

    Article  Google Scholar 

  5. National Institute of Standards and Technology: Submission requirements and evaluation criteria for the post-quantum cryptography standardization process (2016)

    Google Scholar 

  6. Alagic, G., et al.: Status report on the first round of the NIST post-quantum cryptography standardization process. NISTIR 8240 (2019). https://doi.org/10.6028/NIST.IR.8240

  7. Alkim, E., et al.: NewHope - algorithm specifications and supporting documentation. Version 1.02 (2019)

    Google Scholar 

  8. Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: NewHope without reconciliation. IACR Cryptology ePrint Archive, p. 1157 (2016). http://eprint.iacr.org/2016/1157

  9. Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. In: 25th USENIX Security Symposium, USENIX Security 2016, Austin, TX, USA, 10–12 August 2016, pp. 327–343 (2016)

    Google Scholar 

  10. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_1

    Chapter  Google Scholar 

  11. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, 22–24 May 2005, pp. 84–93 (2005). https://doi.org/10.1145/1060590.1060603

  12. Regev, O.: The learning with errors problem (invited survey). In: Proceedings of the 25th Annual IEEE Conference on Computational Complexity, CCC 2010, Cambridge, Massachusetts, USA, 9–12 June 2010, pp. 191–204 (2010). https://doi.org/10.1109/CCC.2010.26

  13. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_9

    Chapter  Google Scholar 

  14. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25

    Chapter  Google Scholar 

  15. Mulder, E.D., et al.: Electromagnetic analysis attack on an FPGA implementation of an elliptic curve cryptosystem. In: EUROCON 2005 - The International Conference on “Computer as a Tool”, vol. 2, pp. 1879–1882 (2005). https://doi.org/10.1109/EURCON.2005.1630348

  16. Primas, R., Pessl, P., Mangard, S.: Single-trace side-channel attacks on masked lattice-based encryption. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 513–533. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_25

    Chapter  Google Scholar 

  17. Aysu, A., Tobah, Y., Tiwari, M., Gerstlauer, A., Orshansky, M.: Horizontal side-channel vulnerabilities of post-quantum key exchange protocols. In: 2018 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2018, Washington, DC, USA, 30 April–4 May 2018, pp. 81–88 (2018). https://doi.org/10.1109/HST.2018.8383894

  18. Bos, J.W., et al.: Frodo: take off the ring! practical, quantum-secure key exchange from LWE. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016, pp. 1006–1018 (2016). https://doi.org/10.1145/2976749.2978425

  19. Park, A., Han, D.: Chosen ciphertext simple power analysis on software 8-bit implementation of ring-LWE encryption. In: 2016 IEEE Asian Hardware-Oriented Security and Trust, AsianHOST 2016, Yilan, Taiwan, 19–20 December 2016, pp. 1–6 (2016). https://doi.org/10.1109/AsianHOST.2016.7835555

  20. Huang, W., Chen, J., Yang, B.: Correlation power analysis on NTRU prime and related countermeasures. IACR Cryptology ePrint Archive, p. 100 (2019). https://eprint.iacr.org/2019/100

  21. Zheng, X., Wang, A., Wei, W.: First-order collision attack on protected NTRU cryptosystem. Microprocess. Microsyst. Embed. Hardw. Design 37(6–7), 601–609 (2013). https://doi.org/10.1016/j.micpro.2013.04.008

    Article  Google Scholar 

  22. Reparaz, O., Roy, S.S., de Clercq, R., Vercauteren, F., Verbauwhede, I.: Masking ring-LWE. J. Cryptogr. Eng. 6(2), 139–153 (2016). https://doi.org/10.1007/s13389-016-0126-5

    Article  MATH  Google Scholar 

  23. Reparaz, O., de Clercq, R., Roy, S.S., Vercauteren, F., Verbauwhede, I.: Additively homomorphic ring-LWE masking. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 233–244. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29360-8_15

    Chapter  Google Scholar 

  24. Oder, T., Schneider, T., Pöppelmann, T., Güneysu, T.: Practical CCA2-secure and masked ring-LWE implementation. IACR Trans. Cryptogr. Hardw. Embed. Syst., 142–174 (2018). https://doi.org/10.13154/tches.v2018.i1.142-174

  25. Fluhrer, S.R.: Cryptanalysis of ring-LWE based key exchange with key share reuse. IACR Cryptology ePrint Archive, p. 85 (2016). http://eprint.iacr.org/2016/085

  26. Ding, J., Alsayigh, S., Saraswathy, R.V., Fluhrer, S.R., Lin, X.: Leakage of signal function with reused keys in RLWE key exchange. In: IEEE International Conference on Communications, ICC 2017, Paris, France, 21–25 May 2017, pp. 1–6 (2017). https://doi.org/10.1109/ICC.2017.7996806

  27. Bauer, A., Gilbert, H., Renault, G., Rossi, M.: Assessment of the key-reuse resilience of NewHope. In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 272–292. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12612-4_14

    Chapter  Google Scholar 

  28. Qin, Y., Cheng, C., Ding, J.: A complete and optimized key mismatch attack on NIST candidate NewHope. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019, Part II. LNCS, vol. 11736, pp. 504–520. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29962-0_24

    Chapter  Google Scholar 

  29. Avanzi, R., et al.: CRYSTALS-Kyber algorithm specifications and supporting documentation. Version 2.0 (2019)

    Google Scholar 

  30. Fisher, R.A., Yates, F., et al.: Statistical tables for biological, agricultural and medical research (1963). http://hdl.handle.net/2440/10701

  31. Khalid, A., Oder, T., Valencia, F., O’Neill, M., Güneysu, T., Regazzoni, F.: Physical protection of lattice-based cryptography: challenges and solutions. In: Proceedings of the 2018 on Great Lakes Symposium on VLSI, GLSVLSI 2018, Chicago, IL, USA, 23–25 May 2018, pp. 365–370 (2018). https://doi.org/10.1145/3194554.3194616

Download references

Acknowledgment

We thank the anonymous reviewers for their accurate reviews and valuable comments. This work was supported by Innosuisse, the federal agency responsible for encouraging science-based innovation in Switzerland.

Author information

Authors and Affiliations

  1. IMES Institute for Microelectronics and Embedded Systems, HSR Hochschule für Technik Rapperswil, Rapperswil-Jona, Switzerland

    Dorian Amiet, Lukas Leuenberger & Paul Zbinden

  2. Securosys SA, Zürich, Switzerland

    Andreas Curiger

Authors
  1. Dorian Amiet
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Andreas Curiger
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lukas Leuenberger
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Paul Zbinden
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dorian Amiet .

Editor information

Editors and Affiliations

  1. University of Cincinnati, Cincinnati, OH, USA

    Jintai Ding

  2. Inria, Paris, France

    Jean-Pierre Tillich

Appendices

Appendix 1

figure d

Appendix 2

figure e

Appendix 3

figure f

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Amiet, D., Curiger, A., Leuenberger, L., Zbinden, P. (2020). Defeating NewHope with a Single Trace. In: Ding, J., Tillich, JP. (eds) Post-Quantum Cryptography. PQCrypto 2020. Lecture Notes in Computer Science(), vol 12100. Springer, Cham. https://doi.org/10.1007/978-3-030-44223-1_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-44223-1_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-44222-4

  • Online ISBN: 978-3-030-44223-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation