
On the Feasibility of Single-Trace Attacks on the Gaussian Sampler Using a CDT

Conference paper. Constructive Side-Channel Analysis and Secure Design (COSADE 2023).

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13979)

Abstract

We present a single-trace attack against lattice-based KEMs that use the cumulative distribution table (CDT) for Gaussian sampling and execute it in a real-world environment. Our analysis takes a single power trace of the decapsulation algorithm as input and exploits leakage of the Gaussian sampling subroutine to reveal the session key. We investigated the feasibility of the attack on different boards and proved that the power consumption traces become less informative with higher clock frequencies. Therefore, we introduce a machine-learning denoising technique, which enhances the accuracy of our attack and raises its success rate to 100%.

We accomplish the attack on FrodoKEM, a lattice-based KEM and third-round alternate candidate. We execute it on a Cortex-M4 board equipped with an STM32F4 microcontroller clocked at different frequencies.


Notes

  1. The implementation of our attack can be found at https://github.com/Soundes-M/Soundes-M-FrodoKEMSingleTrace-/settings.

  2. We use in our experiments the STM32F4 target board, which has 1 MB of Flash memory and 192 KB of RAM.

  3. We mean here the power consumption of the device while running a cryptographic operation.


Acknowledgment

The work described in this paper has been supported by the German Federal Ministry of Education and Research (BMBF) under the project Full Lifecycle Post-Quantum PKI - FLOQI (ID 16KIS1074) and under the project Aquorypt (ID 16KIS1022).

Author information

Corresponding author: Soundes Marzougui.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Marzougui, S., Kabin, I., Krämer, J., Aulbach, T., Seifert, JP. (2023). On the Feasibility of Single-Trace Attacks on the Gaussian Sampler Using a CDT. In: Kavun, E.B., Pehl, M. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2023. Lecture Notes in Computer Science, vol 13979. Springer, Cham. https://doi.org/10.1007/978-3-031-29497-6_8

  • DOI: https://doi.org/10.1007/978-3-031-29497-6_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-29496-9

  • Online ISBN: 978-3-031-29497-6
