Fast Side-Channel Security Evaluation of ECC Implementations: Shortcut Formulas for Horizontal Side-channel Attacks against ECSM with the Montgomery ladder

Horizontal attacks are a suitable tool to evaluate the (nearly) worst-case side-channel security level of ECC implementations, due to the fact that they allow extracting a large amount of information from physical observations. Motivated by the difficulty of mounting such attacks and inspired by evaluation strategies for the security of symmetric cryptography implementations, we derive shortcut formulas to estimate the success rate of horizontal differential power analysis attacks against ECSM implementations, for efficient side-channel security evaluations. We then discuss the additional leakage assumptions that we exploit for this purpose, and provide experimental confirmation that the proposed tools lead to good predictions of the attacks\u27 success

Simple Key Enumeration (and Rank Estimation) using Histograms: an Integrated Approach

The main contribution of this paper, is a new key enumeration algorithm that combines the conceptual simplicity of the rank estimation algorithm of Glowacz et al. (from FSE 2015) and the parallelizability of the enumeration algorithm of Bogdanov et al. (SAC 2015) and Martin et al. (from ASIACRYPT 2015). Our new algorithm is based on histograms. It allows obtaining simple bounds on the (small) rounding errors that it introduces and leads to straightforward parallelization. We further show that it can minimize the bandwidth of distributed key testing by selecting parameters that maximize the factorization of the lists of key candidates produced by the enumeration, which can be highly beneficial, e.g. if these tests are performed by a hardware coprocessor. We also put forward that the conceptual simplicity of our algorithm translates into efficient implementations (that slightly improve the state-of-the-art). As an additional consolidating effort, we finally describe an open source implementation of this new enumeration algorithm, combined with the FSE 2015 rank estimation one, that we make available with the paper

On Configurable SCA Countermeasures Against Single Trace Attacks for the NTT - A Performance Evaluation Study over Kyber and Dilithium on the ARM Cortex-M4

The Number Theoretic Transform (NTT) is a critical sub-block used in several structured lattice-based schemes, including Kyber and Dilithium, which are finalist candidates in the NIST\u27s standardization process for post-quantum cryptography. The NTT was shown to be susceptible to single trace side-channel attacks by Primas et al. in CHES 2017 and Pessl et al. in Latincrypt 2019 who demonstrated full key recovery from single traces on the ARM Cortex-M4 microcontroller. However, the cost of deploying suitable countermeasures to protect the NTT from these attacks on the same target platform has not yet been studied. In this work, we propose novel shuffling and masking countermeasures to protect the NTT from such single trace attacks. Firstly, we exploit arithmetic properties of twiddle constants used within the NTT computation to propose efficient and generic masking strategies for the NTT with configurable SCA resistance. Secondly, we also propose new variants of the shuffling countermeasure with varying granularity for the NTT. We perform a detailed comparative evaluation of the runtime performances for our proposed countermeasures within open source implementations of Kyber and Dilithium from the pqm4 library on the ARM Cortex-M4 microcontroller. Our proposed countermeasures yield a reasonable overhead in the range of 7%-78% across all procedures of Kyber, while the overheads are much more pronounced for Dilithium, ranging from 12%-197% for the key generation procedure and 32%-490% for the signing procedure

Key Enumeration from the Adversarial Viewpoint: When to Stop Measuring and Start Enumerating?

In this work, we formulate and investigate a pragmatic question related to practical side-channel attacks complemented with key enumeration. In a real attack scenario, after an attacker has extracted side-channel information, it is possible that despite the entropy of the key has been signicantly reduced, she cannot yet achieve a direct key recovery. If the correct key lies within a sufficiently small set of most probable keys, it can then be recovered with a plaintext and the corresponding ciphertext, by performing enumeration. Our proposal relates to the following question: how does an attacker know when to stop acquiring side-channel observations and when to start enumerating with a given computational effort? Since key enumeration is an expensive (i.e. time-consuming) task, this is an important question from an adversarial viewpoint. To answer this question, we present an efficient (heuristic) way to perform key-less rank estimation, based on simple entropy estimations using histograms

On the Worst-Case Side-Channel Security of ECC Point Randomization in Embedded Devices

Point randomization is an important countermeasure to protect Elliptic Curve Cryptography (ECC) implementations against side-channel attacks. In this paper, we revisit its worst-case security in front of advanced side-channel adversaries taking advantage of analytical techniques in order to exploit all the leakage samples of an implementation. Our main contributions in this respect are the following: first, we show that due to the nature of the attacks against the point randomization (which can be viewed as Simple Power Analyses), the gain of using analytical techniques over simpler divide-and-conquer attacks is limited. Second, we take advantage of this observation to evaluate the theoretical noise levels necessary for the point randomization to provide strong security guarantees and compare different elliptic curve coordinates systems. Then, we turn this simulated analysis into actual experiments and show that reasonable security levels can be achieved by implementations even on low-cost (e.g. 8-bit) embedded devices. Finally, we are able to bound the security on 32-bit devices against worst-case adversaries

Key enumeration, rank estimation and horizontal side-channel attacks

Since their discovery in the late 90's, side-channel attacks have been shown to be a great threat to the security of cryptographic implementations. In addition to the standard inputs and outputs of an algorithm, these attacks exploit the leakages coming from its implementation. As this additional information was not taken into account during the design of the standard schemes, they have been broken. A wide range of countermeasures has then been developed to increase the resilience of cryptographic schemes against these attacks. However, these countermeasures do not prevent attacks, but rather make them more complex to perform. As a result, the actual security of a given implementation needs to be tested in practice. A way to assess the security of an algorithm is to actually attack it in two steps. The first one, that we denote by information extraction, focuses on the way to use the information arising from the leakages as optimally as possible. The second one, that we denote by information exploitation, focuses on the way to use computational power to mitigate the lack of side-channel information after its extraction. This thesis follows this strategy and tackles both of these problems in two parts. In the first one, we focus on the leakage exploitation in the case of block ciphers. In this respect, we present new key enumeration and rank estimation algorithms and study their applicability. In the second part, we focus on the leakage extraction against elliptic curve cryptography. In that purpose, we present a method to use most of the available information against scalar multiplication algorithms through horizontal differential power attacks.(FSA - Sciences de l'ingénieur) -- UCL, 201

Comparing Approaches to Rank Estimation for Side-Channel Security Evaluations

Rank estimation is an important tool for side-channel evaluations laboratories. It allows determining the remaining security after an attack has been performed, quantied as the time complexity required to brute force the key given the leakages. Several solutions to rank estimation have been introduced in the recent years. In this paper, we rst clarify the connections between these solutions, by organizing them according to their (maximum likelihood or weak maximum likelihood) strategy and whether they take as argument a side-channel distinguishers' output or some evaluation metrics. This leads us to introduce new combinations of these approaches, and to discuss the use of weak maximum likelihood strategies for suboptimal but highly parallel enumeration. Next, we show that the dierent approaches to rank estimation can also be implemented with dierent mixes of very similar tools (e.g. histograms, convolutions, combinations and subsampling). Eventually, we provide various experiments allowing to discuss the pros and cons of these dierent approaches, hence consolidating the literature on this topic

On configurable SCA countermeasures against single trace attacks for the NTT

The Number Theoretic Transform (NTT) is a critical subblock used in several structured lattice-based schemes, including Kyber and Dilithium, which are finalist candidates in the NIST’s standardization process for post-quantum cryptography. The NTT was shown to be susceptible to single trace side-channel attacks by Primas et al. in CHES 2017 and Pessl et al. in Latincrypt 2019 who demonstrated full key recovery from single traces on the ARM Cortex-M4 microcontroller. However, the cost of deploying suitable countermeasures to protect the NTT from these attacks on the same target platform has not yet been studied. In this work, we propose novel shuffling and masking countermeasures to protect the NTT from such single trace attacks. Firstly, we exploit arithmetic properties of twiddle constants used within the NTT computation to propose efficient and generic masking strategies for the NTT with configurable SCA resistance. Secondly, we also propose new variants of the shuffling countermeasure with varying granularity for the NTT. We perform a detailed comparative evaluation of the runtime performances for our proposed countermeasures within open source implementations of Kyber and Dilithium from the pqm4 library on the ARM Cortex-M4 microcontroller. Our proposed countermeasures yield a reasonable runtime overhead in the range of 7%–78% across all procedures of Kyber, while the runtime overheads are much more pronounced for Dilithium, ranging from 12%–197% for the key generation procedure and 32%– 490% for the signing procedure.National Research Foundation (NRF)The authors acknowledge the support from the Singapore National Research Foundation (“SOCure” grant NRF2018NCR-NCR002-0001 – www.green-ic.org/socure)

Romain Poussier - Evalutation d'Attaques par Canaux Cachés : Template VS Machine Learning : Journées Codage et Cryptographie 2014

Evalutation d'Attaques par Canaux Cachés : Template VS Machine Learnin

: Journées Codage et Cryptographie 2014

Comparaison de contre-mesures contre les attaques par canaux auxiliaire