Practical Side-Channel Attack on Masked Message Encoding in Latticed-Based KEM

To defend against the rising threat of quantum computers, NIST initiated their Post-Quantum Cryptography(PQC) standardization process in 2016. During the PQC process, the security against side-channel attacks has received much attention. Lattice-based schemes are considered to be the most promising group to be standardized. Message encoding in lattice-based schemes has been proven to be vulnerable to side-channel attacks, and a first-order masked message encoder has been presented. However, there is still a lack of security evaluation for the first-order masked message encoder under different implementations. In this paper, we analyzed the security of the first-order masked message encoder of Kyber. We found although masked Kyber certainly is able to defend against the previous side-channel attacks, there still exist some exploitable leakages. With the help of the leakages, we proposed a deep learning-based key recovery attack on message encoding of masked Kyber. Our method can recover the original message from masked message encoding and then enable a chosen-ciphertext attack to recover the secret key. In our experiments, the whole secret key of masked Kyber768 was recovered with only 9 traces and the success rate of attack was close to 100%

Blink: Breaking Lattice-Based Schemes Implemented in Parallel with Chosen-Ciphertext Attack

As the message recovery-based attack poses a serious threat to lattice-based schemes, we conducted a study on the side-channel secu- rity of parallel implementations of lattice-based key encapsulation mech- anisms. Initially, we developed a power model to describe the power leakage during message encoding. Utilizing this power model, we pro- pose a multi-ciphertext message recovery attack, which can retrieve the required messages for a chosen ciphertext attack through a suitable mes- sage recovery oracle. Building upon the successful message recovery, we further develop a key recovery method based on a ciphertext-choosing strategy that maximizes key recovery accuracy, as well as a lattice reduc- tion attack capable of solving the whole private key from the target LWE instance. To assess the effectiveness of the attack, we conducted experi- ments using Kyber768 implemented on a Xilinx FPGA board. The exper- imental results demonstrate that our attack could successfully recover the private key with 9600 power traces and a computational complexity of 100 bikz, which is a significant advantage over existing attacks. Notably, our attack remains effective despite countermeasures such as masking and shuffling being implemented. This study reveals that parallel im- plementations remain vulnerable to side-channel attacks, and highlights the necessity of additional analysis and countermeasures for lattice-based schemes implemented in parallel

Lattice-based weak curve fault attack on ECDSA

ECDSA algorithm is usually used in ICT system to achieve communication authenticity. But weakness in various implementations of the algorithm may make its security deviate from theoretical guarantee. This paper proposes a new lattice-based weak curve fault attack on ECDSA. An elliptic curve is weak if the problem of ECDLP in a \emph{subgroup} of the point group $\langle G \rangle$ is computationally solvable in practice, where $G$ is the specified basis point of ECDSA algorithm. Since ECDLP is not required to be computationally practical in the whole group of $\langle G \rangle$, our approach extends the known existing attacks along this line. In detail, the proposed attack assumes a fault injection process can perturb a segment of consecutive bits of the curve parameter $a$ in the Weierstrass equation of ECDSA. An analysis on the density of smooth numbers indicates the faulty value $a\u27$ parameterized elliptic curve is weak in high probability. Then we show the faulty value $a\u27$ can be recovered by a dedicated quadratic residue distinguisher, which makes it possible to collect enough side channel information about the nonce used in the ECDSA signature generation process. With the help of these information, we can construct a lattice to recover the private key with lattice basis reduction techniques. Further, we show the same strategy can defeat the nonce masking countermeasure if the random mask is not too long, and makes the commonly employed countermeasures ineffective. To our knowledge, the problem remains untractable to the existing weak curve fault attacks. Thus the proposed approach can find more applications than the existing ones. This is demonstrated by the experimental analysis

Lattice-based Fault Attacks against ECMQV

ECMQV is a standardized key agreement protocol based on ECC with an additional implicit signature authentication. In this paper we investigate the vulnerability of ECMQV against fault attacks and propose two efficient lattice-based fault attacks. In our attacks, by inducing a storage fault to the ECC parameter $a$ before the execution of ECMQV, we can construct two kinds of weak curves and successfully pass the public-key validation step in the protocol. Then, by solving ECDLP and using a guess-and-determine method, some information of the victim\u27s temporary private key and the implicit-signature result can be deduced. Based on the retrieved information, we build two new lattice-attack models and recover the upper half of the static private key. Compared with the previous lattice-attack models, our models relax the attack conditions and do not require the exact partial knowledge of the nonces. The validity of the attacks is proven by experimental simulations, which show our attacks pose real threats to the unprotected ECMQV implementations since only one permanent fault is sufficient to retrieve half bits of the secret key

My traces learn what you did in the dark: recovering secret signals without key guesses

In side channel attack (SCA) studies, it is widely believed that unprotected implementations leak information about the intermediate states of the internal cryptographic process. However, directly recovering the intermediate states is not common practice in today\u27s SCA study. Instead, most SCAs exploit the leakages in a guess-and-determine way, where they take a partial key guess, compute the corresponding intermediate states, then try to identify which one fits the observed leakages better. In this paper, we ask whether it is possible to take the other way around---directly learning the intermediate states from the side channel leakages. Under certain circumstances, we find that the intermediate states can be efficiently recovered with the well-studied Independent Component Analysis (ICA). Specifically, we propose several methods to convert the side channel leakages into effective ICA observations. For more robust recovery, we also present a specialized ICA algorithm which exploits the specific features of circuit signals. Experiments confirm the validity of our analysis in various circumstances, where most intermediate states can be correctly recovered with only a few hundred traces. To our knowledge, this is the first attempt to directly recover the intermediate states in a completely non-profiled setting. Our approach brings new possibilities to the current SCA study, including building an alternative SCA distinguisher, directly attacking the middle encryption rounds and reverse engineering with fewer restrictions. Considering its potential in more advanced applications, we believe our ICA-based SCA deserves more research attention in the future study

The Insecurity of SHA2 under the Differential Fault Characteristic of Boolean Functions

SHA2 has been widely adopted across various traditional public-key cryptosystems, post-quantum cryptography, personal identification, and network communication protocols, etc. Hence, ensuring the robust security of SHA2 is of critical importance. There have been several differential fault attacks based on random word faults targeting SHA1 and SHACAL-2. However, extending such random word-based fault attacks to SHA2 proves significantly more difficult due to the heightened complexity of the boolean functions in SHA2. In this paper, assuming random word faults, we find some distinctive differential properties within the boolean functions in SHA2. Leveraging these findings, we propose a new differential fault attack methodology that can be effectively utilized to recover the final message block and its corresponding initial vector in SHA2, forge HMAC-SHA2 messages, extract the key of SHACAL-2, and extend our analysis to similar algorithm like SM3. We validate the effectiveness of these attacks through rigorous simulations and theoretical deductions, revealing that they indeed pose substantial threats to the security of SHA2. In our simulation-based experiments, our approach necessitates guessing $T$ bits within a register, with $T$ being no more than $5$ at most, and having a approximate $95\%$ (for SHA512) probability of guessing just $1$ bit. Moreover, upon implementing a consecutive series of 15 fault injections, the success probability for recovering one register (excluding the guessed bits) approaches $100\%$. Ultimately, approximately 928 faulty outputs based on random word faults are required to carry out the attack successfully

Lattice-based Fault Attacks on Deterministic Signature Schemes of ECDSA and EdDSA

The deterministic ECDSA and EdDSA signature schemes have found plenty of applications since their publication and standardization. Their theoretical security can be guaranteed under certain well-designed models, while their practical risks from the flaw of random number generators can be mitigated since no randomness is required by the algorithms anymore. But the situation is not completely optimistic, since it has been gradually found that delicately designed fault attacks can threaten the practical security of the schemes. We present a lattice-based fault analysis method to the deterministic ECDSA and EdDSA algorithms. The underlying fault injection model is a special case of the random fault model in~\cite{MMF2019}. By noticing the algebraic structures of the deterministic algorithms, we show that, when providing with some valid faulty signatures and an associated correct signature of the same input message, some instances of lattice problems can be constructed to recover the signing key. This makes the allowed faulty bits close to the size of the signing key, and obviously bigger than that of the existing differential fault attacks. Moreover, the lattice-based approach supports much more alternative targets of fault injection when comparing with the existing approaches, which further improves its applicability. Experiments are performed to validate the effectiveness of the key recovery method. It is demonstrated that, for 256-bit deterministic ECDSA/EdDSA, the signing key can be recovered efficiently with significant probability even if the targets are affected by 250 (or 247) faulty bits. This is, however, impractical for the existing faulty pattern enumerating approaches

A taxonomic study of Cheiloneurus Westwood (Hymenoptera, Encyrtidae) from China

Fourteen species of Cheiloneurus from China are studied. Cheiloneurus guangxiensis Zu, sp. nov., is described as new to science, and C. boldyrevi Trjapitzin & Agekyan, 1978, C. bouceki Anis & Hayat, 2002, C. gonatopodis Perkins, 1906, and C. hadrodorys Anis & Hayat, 2002 are newly recorded from China. A key to Chinese species based on females is also presented

A taxonomic study of Cheiloneurus Westwood (Hymenoptera, Encyrtidae) from China

Fourteen species of Cheiloneurus from China are studied. Cheiloneurus guangxiensis Zu, sp. nov., is described as new to science, and C. boldyrevi Trjapitzin & Agekyan, 1978, C. bouceki Anis & Hayat, 2002, C. gonatopodis Perkins, 1906, and C. hadrodorys Anis & Hayat, 2002 are newly recorded from China. A key to Chinese species based on females is also presented