Single trace analysis on constant time CDT sampler and its countermeasure

Suhri Kim, Seokhie Hong

Research output: Contribution to journal › Article

1 Citation (Scopus)

Abstract

The Gaussian sampler is an integral part of lattice-based cryptography, as it has a direct connection to both security and efficiency. Although using a Gaussian sampler is theoretically secure, the security of its implementation is an open issue. Therefore, researchers have started to investigate the security of the Gaussian sampler against side-channel attacks. Since the performance of the Gaussian sampler directly affects the performance of the overall cryptosystem, the countermeasures applied in the literature consider only timing attacks. In this paper, we propose the first single-trace power analysis attack on a constant-time cumulative distribution table (CDT) sampler used in lattice-based cryptosystems. From our analysis, we were able to recover every sampled value in the key generation stage, so that the secret key is recovered by Gaussian elimination. By applying our attack to the candidates submitted to the National Institute of Standards and Technology (NIST), we were able to recover over 99% of the secret keys. Additionally, we propose a countermeasure based on a look-up table. To validate the efficiency of our countermeasure, we implemented it in Lizard and measured its performance. We demonstrated that the proposed countermeasure does not degrade the performance.

Original language: English
Article number: 1809
Journal: Applied Sciences (Switzerland)
Volume: 8
Issue number: 10
DOI: 10.3390/app8101809
Publication status: Published - 2018 Oct 3

Keywords

  • CDT sampling
  • Gaussian sampling
  • Lattice-based cryptography
  • Post-quantum cryptography
  • Side-channel attack
  • Single trace analysis

ASJC Scopus subject areas

  • Materials Science (all)
  • Instrumentation
  • Engineering (all)
  • Process Chemistry and Technology
  • Computer Science Applications
  • Fluid Flow and Transfer Processes

Cite this

Single trace analysis on constant time CDT sampler and its countermeasure. / Kim, Suhri; Hong, Seokhie.

In: Applied Sciences (Switzerland), Vol. 8, No. 10, 1809, 03.10.2018.

@article{2b05f4e44f9d4b44b267ee76f33ad997,
title = "Single trace analysis on constant time CDT sampler and its countermeasure",
keywords = "CDT sampling, Gaussian sampling, Lattice-based cryptography, Post-quantum cryptography, Side-channel attack, Single trace analysis",
author = "Suhri Kim and Seokhie Hong",
year = "2018",
month = "10",
day = "3",
doi = "10.3390/app8101809",
language = "English",
volume = "8",
journal = "Applied Sciences (Switzerland)",
issn = "2076-3417",
publisher = "Multidisciplinary Digital Publishing Institute",
number = "10",
}

TY - JOUR

T1 - Single trace analysis on constant time CDT sampler and its countermeasure

AU - Kim, Suhri

AU - Hong, Seokhie

PY - 2018/10/3

Y1 - 2018/10/3

KW - CDT sampling

KW - Gaussian sampling

KW - Lattice-based cryptography

KW - Post-quantum cryptography

KW - Side-channel attack

KW - Single trace analysis

UR - http://www.scopus.com/inward/record.url?scp=85054375619&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85054375619&partnerID=8YFLogxK

U2 - 10.3390/app8101809

DO - 10.3390/app8101809

M3 - Article

AN - SCOPUS:85054375619

VL - 8

JO - Applied Sciences (Switzerland)

JF - Applied Sciences (Switzerland)

SN - 2076-3417

IS - 10

M1 - 1809

ER -