ETRI-Knowledge Sharing Platform

Journal Article Chosen-Ciphertext Clustering Attack on CRYSTALS-KYBER using the Side-Channel Leakage of Barrett Reduction
Cited 12 times in Scopus. Downloaded 249 times.
Authors
Bo-Yeon Sim, Aesun Park, Dong-Guk Han
Issue Date
2022-11
Citation
IEEE Internet of Things Journal, v.9 no.21, pp.21382-21397
ISSN
2327-4662
Publisher
IEEE
Language
English
Type
Journal Article
DOI
https://dx.doi.org/10.1109/JIOT.2022.3179683
Project Code
21HR5500, RISC-V based Secure CPU Architecture for Embedded System Malware Detection and Response, Kang Dong Wook
Abstract
This study proposes a chosen-ciphertext side-channel attack against a lattice-based key encapsulation mechanism (KEM), the third-round candidate of the National Institute of Standards and Technology (NIST) standardization project. Unlike existing attacks that target operations, such as inverse NTT and message encoding/decoding, we target Barrett reduction in the decapsulation phase of CRYSTALS-KYBER to obtain a secret key. We show that a sensitive variable-dependent leakage of Barrett reduction exposes an entire secret key. The results of experiments conducted on the ARM Cortex-M4 microcontroller accomplish a success rate of 100%. We only need six chosen ciphertexts for KYBER512 and KYBER768 and eight chosen ciphertexts for KYBER1024. We also show that the m4 scheme of the pqm4 library, an implementation with the ARM Cortex-M4 specific optimization (typically in assembly), is vulnerable to the proposed attack. In this scheme, six, nine, and twelve chosen ciphertexts are required for KYBER512, KYBER768, and KYBER1024, respectively.
KSP Keywords
ARM Cortex, Barrett reduction, Cortex-M4, Key encapsulation mechanism, Lattice-based, National Institute of Standards and Technology, Side Channel Attacks, Side-Channel Leakage, Success rate, secret key
This work is distributed under the terms of the Creative Commons License (CCL): CC BY.