Curse of Re-encryption: A Generic Power/EM Analysis on Post-Quantum KEMs

Rei Ueno; Keita Xagawa; Yutaro Tanaka; Akira Ito; Junko Takahashi; Naofumi Homma

doi:10.46586/tches.v2022.i1.296-322

Transactions on Cryptographic Hardware and Embedded Systems (Nov 2021)

Curse of Re-encryption: A Generic Power/EM Analysis on Post-Quantum KEMs

Rei Ueno,
Keita Xagawa,
Yutaro Tanaka,
Akira Ito,
Junko Takahashi,
Naofumi Homma

Affiliations

Rei Ueno: Tohoku University, 2–1–1 Katahira, Aoba-ku, Sendai-shi, 980-8577, Japan; CREST, JST, 4–1–8 Honcho, Kawaguchi, Saitama, 332-0012, Japan; PRESTO, JST, 4–1–8 Honcho, Kawaguchi, Saitama, 332-0012, Japan
Keita Xagawa: NTT Social Informatics Laboratories, Nippon Telegraph and Telephone Corporation, 3–9–11 Midori-cho, Musashino-shi, Tokyo, 180-8535, Japan
Yutaro Tanaka: Tohoku University, 2–1–1 Katahira, Aoba-ku, Sendai-shi, 980-8577, Japan; CREST, JST, 4–1–8 Honcho, Kawaguchi, Saitama, 332-0012, Japan
Akira Ito: Tohoku University, 2–1–1 Katahira, Aoba-ku, Sendai-shi, 980-8577, Japan; CREST, JST, 4–1–8 Honcho, Kawaguchi, Saitama, 332-0012, Japan
Junko Takahashi: NTT Social Informatics Laboratories, Nippon Telegraph and Telephone Corporation, 3–9–11 Midori-cho, Musashino-shi, Tokyo, 180-8535, Japan
Naofumi Homma: Tohoku University, 2–1–1 Katahira, Aoba-ku, Sendai-shi, 980-8577, Japan; CREST, JST, 4–1–8 Honcho, Kawaguchi, Saitama, 332-0012, Japan

DOI: https://doi.org/10.46586/tches.v2022.i1.296-322
Journal volume & issue: Vol. 2022, no. 1

Abstract

Read online

This paper presents a side-channel analysis (SCA) on key encapsulation mechanism (KEM) based on the Fujisaki–Okamoto (FO) transformation and its variants. The FO transformation has been widely used in actively securing KEMs from passively secure public key encryption (PKE), as it is employed in most of NIST post-quantum cryptography (PQC) candidates for KEM. The proposed attack exploits side-channel leakage during execution of a pseudorandom function (PRF) or pseudorandom number generator (PRG) in the re-encryption of KEM decapsulation as a plaintext-checking oracle that tells whether the PKE decryption result is equivalent to the reference plaintext. The generality and practicality of the plaintext-checking oracle allow the proposed attack to attain a full-key recovery of various KEMs when an active attack on the underlying PKE is known. This paper demonstrates that the proposed attack can be applied to most NIST PQC third-round KEM candidates, namely, Kyber, Saber, FrodoKEM, NTRU, NTRU Prime, HQC, BIKE, and SIKE (for BIKE, the proposed attack achieves a partial key recovery). The applicability to Classic McEliece is unclear because there is no known active attack on this cryptosystem. This paper also presents a side-channel distinguisher design based on deep learning (DL) for mounting the proposed attack on practical implementation without the use of a profiling device. The feasibility of the proposed attack is evaluated through experimental attacks on various PRF implementations (a SHAKE software, an AES software, an AES hardware, a bit-sliced masked AES software, and a masked AES hardware based on threshold implementation). Although it is difficult to implement the oracle using the leakage from the TI-based masked hardware, the success of the proposed attack against these implementations (even except for the masked hardware), which include masked software, confirms its practicality.

Published in Transactions on Cryptographic Hardware and Embedded Systems

ISSN: 2569-2925 (Online)
Publisher: Ruhr-Universität Bochum
Country of publisher: Germany
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Electronics: Computer engineering. Computer hardware; Technology: Technology (General): Industrial engineering. Management engineering: Information technology
Website: https://tches.iacr.org

About the journal

Abstract

Keywords