5 research outputs found
Single-Trace Side-Channel Attacks on the Toom-Cook: The Case Study of Saber
The Toom-Cook method is a well-known strategy for building algorithms that multiply polynomials efficiently. Along with NTT-based polynomial multiplication, Toom-Cook-based and Karatsuba-based polynomial multiplication algorithms have regained attention since the start of NIST's post-quantum standardization procedure. Compared to the comprehensive analysis done for NTT, the leakage characteristics of Toom-Cook have not been discussed. We analyze the vulnerabilities of Toom-Cook in the reference implementation of Saber, a third-round finalist of NIST's post-quantum standardization process. In this work, we present the first single-trace attack based on the soft-analytical side-channel attack (SASCA) targeting Toom-Cook. Deep learning-based power analysis is combined with SASCA to reduce the number of templates, since Toom-Cook contains a large number of similar operations. Moreover, we describe an optimized factor graph and improved belief propagation that make the attack more practical. The feasibility of the attack is verified by evaluation experiments. We also discuss possible countermeasures to prevent the attack.
Decryption Failure Attacks on Post-Quantum Cryptography
This dissertation mainly discusses new cryptanalytical results related to the issues of securely implementing the next generation of asymmetric cryptography, or Public-Key Cryptography (PKC). PKC, as deployed until today, depends heavily on the integer factorization and discrete logarithm problems. Unfortunately, it has been well known since the mid-90s that these mathematical problems can be solved with Peter Shor's algorithm for quantum computers, which finds the answers in polynomial time. The recently accelerated pace of R&D towards quantum computers, eventually of sufficient size and power to threaten cryptography, has led the crypto research community towards a major shift of focus. A project towards standardization of Post-Quantum Cryptography (PQC) was launched by the US-based standardization organization NIST. PQC is the name given to algorithms designed to run on classical hardware/software while being resistant to attacks from quantum computers. PQC is well suited for replacing the current asymmetric schemes. A primary motivation for the project is to guide publicly available research toward the singular goal of finding weaknesses in the proposed next generation of PKC. For public-key encryption (PKE) or digital signature (DS) schemes to be considered secure, they must be shown to rely heavily on well-known mathematical problems, with theoretical proofs of security under established models such as indistinguishability under chosen-ciphertext attack (IND-CCA). Also, they must withstand serious attack attempts by well-renowned cryptographers, both concerning theoretical security and the actual software/hardware instantiations. It is well known that security models such as IND-CCA are not designed to capture the intricacies of inner-state leakages. Such leakages are named side-channels, which are currently a major topic of interest in the NIST PQC project. This dissertation focuses on two things, in general: 1) how does the low but non-zero probability of decryption failures affect the cryptanalysis of these new PQC candidates? And 2) how might side-channel vulnerabilities inadvertently be introduced when going from theory to the practice of software/hardware implementations? Of main concern are PQC algorithms based on lattice theory and coding theory. The primary contributions are the discovery of novel decryption failure side-channel attacks, improvements on existing attacks, an alternative implementation of a part of a PQC scheme, and some more theoretical cryptanalytical results.
Extended Security of Lattice-Based Cryptography (Sécurité étendue de la cryptographie fondée sur les réseaux euclidiens)
Lattice-based cryptography is considered a quantum-safe alternative for the replacement of currently deployed schemes based on RSA and the discrete logarithm on prime fields or elliptic curves. It offers strong theoretical security guarantees, a large array of achievable primitives, and a competitive level of efficiency. Nowadays, in the context of the NIST post-quantum standardization process, future standards may ultimately be chosen, and several new lattice-based schemes are high-profile candidates. The cryptographic research community has been encouraged to analyze lattice-based cryptosystems, with a particular focus on practical aspects. This thesis is rooted in this effort. In addition to black-box cryptanalysis with classical computing resources, we investigate the extended security of these new lattice-based cryptosystems, employing a broad spectrum of attack models, e.g. quantum, misuse, timing or physical attacks. Given that these models have already been applied to a large variety of pre-quantum asymmetric and symmetric schemes before, we concentrate our efforts on leveraging and addressing the new features introduced by lattice structures. Our contribution is twofold: defensive, i.e. countermeasures for implementations of lattice-based schemes, and offensive, i.e. cryptanalysis. On the defensive side, in view of the numerous recent timing and physical attacks, we wear our designer's hat and investigate algorithmic protections. We introduce new algorithmic and mathematical tools to construct provable algorithmic countermeasures in order to systematically prevent all timing and physical attacks. We thus participate in the actual provable protection of the GLP, BLISS, qTesla and Falcon lattice-based signature schemes. On the offensive side, we estimate the applicability and complexity of novel attacks leveraging the lack of perfect correctness introduced in certain lattice-based encryption schemes to improve their performance. We show that such a compromise may enable decryption failure attacks in a misuse or quantum model. We finally introduce an algorithmic cryptanalysis tool that assesses the security of the mathematical problem underlying lattice-based schemes when partial knowledge of the secret is available. The usefulness of this new framework is demonstrated with the improvement and automation of several known classical, decryption-failure, and side-channel attacks.

Lattice-based cryptography represents a promising alternative to the asymmetric cryptography in use today, owing to its presumed resistance to a universal quantum computer. This new family of asymmetric schemes has several strengths, among them strong theoretical security guarantees, a wide choice of primitives and, for some of its representatives, performance comparable to current standards. A post-quantum standardization campaign organized by NIST is under way, and several schemes using lattices are among the favourites. The scientific community has been encouraged to analyze them, since they may in the future be deployed in all our systems. The aim of this thesis is to contribute to that effort. We study the security of these new cryptosystems not only in the sense of their resistance to "black-box" cryptanalysis with classical computing resources, but also under a broader spectrum of security models, such as quantum attacks, attacks assuming misuse, and side-channel attacks. These different types of attacks have already been extensively formalized and studied in the past for pre-quantum asymmetric and symmetric schemes. In this dissertation, we analyze their application to the new structures induced by lattices. Our work is divided into two complementary parts: countermeasures and attacks. The first part gathers our contributions to the current effort to design new algorithmic protections in response to the many recent publications of side-channel attacks. The team work in which we took part led to the introduction of new mathematical tools for building algorithmic countermeasures, backed by formal proofs, that systematically prevent physical and timing attacks. We thus took part in protecting several lattice-based signature schemes such as GLP, BLISS, qTesla and Falcon. In a second part devoted to cryptanalysis, we first study new attacks that exploit the fact that certain public-key encryption or key-establishment schemes can fail with low probability. These failures are in fact weakly correlated with the secret. Our work exhibited so-called "decryption failure" attacks in misuse or quantum models. We also introduced an algorithmic cryptanalysis tool for estimating the security of the underlying mathematical problem when partial information on the secret is given. This tool proved useful for automating and improving several known attacks, such as decryption failure attacks, classical attacks and side-channel attacks.