Standard Lattice-Based Key Encapsulation on Embedded Devices
Lattice-based cryptography is one of the most promising candidates being considered to replace current public-key systems in the era of quantum computing. In 2016, Bos et al. proposed the key exchange scheme FrodoCCS, which is also a submission to the NIST post-quantum standardization process, modified as a key encapsulation mechanism (FrodoKEM). The security of the scheme is based on standard lattices and the learning with errors problem. Due to the large parameters, standard lattice-based schemes have long been considered impractical on embedded devices. The FrodoKEM proposal actually comes with parameters that bring standard lattice-based cryptography within reach of being feasible on constrained devices. In this work, we take the final step of efficiently implementing the scheme on a low-cost FPGA and microcontroller devices and thus making conservative post-quantum cryptography practical on small devices. Our FPGA implementation of the decapsulation (the computationally most expensive operation) needs 7,220 look-up tables (LUTs), 3,549 flip-flops (FFs), a single DSP, and only 16 block RAM modules. The maximum clock frequency is 162 MHz and it takes 20.7 ms for the execution of the decapsulation. Our microcontroller implementation has a 66% reduced peak stack usage in comparison to the reference implementation and needs 266 ms for key pair generation, 284 ms for encapsulation, and 286 ms for decapsulation. Our results contribute to the practical evaluation of a post-quantum standardization candidate.
A Statistical Verification Method of Random Permutations for Hiding Countermeasure Against Side-Channel Attacks
As NIST is putting the final touches on the standardization of PQC (Post Quantum Cryptography) public key algorithms, it is a racing certainty that peskier cryptographic attacks undeterred by those new PQC algorithms will surface. Such a trend in turn will prompt more follow-up studies of attacks and countermeasures. As things stand, from the attackers' perspective, one viable form of attack that can be implemented thereupon is the so-called "side-channel attack". Two best-known countermeasures heralded to be durable against side-channel attacks are: "masking" and "hiding". In that dichotomous picture, of particular note are successful single-trace attacks on some of the NIST's PQC then-candidates, which worked to the detriment of the former: "masking". In this paper, we cast an eye over the latter: "hiding". Hiding proves to be durable against both side-channel attacks and another equally robust type of attacks called "fault injection attacks", and hence is deemed an auspicious countermeasure to be implemented. Mathematically, the hiding method is fundamentally based on random permutations. There has been a cornucopia of studies on generating random permutations. However, those are not tied to implementation of the hiding method. In this paper, we propose a reliable and efficient verification of permutation implementation, through employing Fisher-Yates' shuffling method. We introduce the concept of an n-th order permutation and explain how it can be used to verify that our implementation is more efficient than its previous-gen counterparts for hiding countermeasures.
Comment: 29 pages, 6 figures
1/0 Shades of UC: Photonic Side-Channel Analysis of Universal Circuits
A universal circuit (UC) can be thought of as a programmable circuit that can simulate any circuit up to a certain size by specifying its secret configuration bits. UCs have been incorporated into various applications, such as private function evaluation (PFE). Recently, studies have attempted to formalize the concept of semiconductor intellectual property (IP) protection in the context of UCs. This is despite the observations made in theory and practice that, in reality, the adversary may obtain additional information about the secret when executing cryptographic protocols. This paper aims to answer the question of whether UCs leak information unintentionally, which can be leveraged by the adversary to disclose the configuration bits. In this regard, we propose the first photon emission analysis against UCs relying on computer vision-based approaches. We demonstrate that the adversary can utilize a cost-effective solution to take images to be processed by off-the-shelf algorithms to extract configuration bits. We examine the efficacy of our method in two scenarios: (1) the design is small enough to be captured in a single image during the attack phase, and (2) multiple images should be captured to launch the attack by deploying a divide-and-conquer strategy. To evaluate the effectiveness of our attack, we use metrics commonly applied in side-channel analysis, namely rank and success rate. By doing so, we show that our profiled photon emission analysis achieves a success rate of 1 by employing a few templates (concretely, only 18 images were used as templates).