ETRI Knowledge Sharing Platform


Details

Journal article: Chosen-Ciphertext Clustering Attack on CRYSTALS-KYBER using the Side-Channel Leakage of Barrett Reduction
Cited 9 times in Scopus; downloaded 222 times
Authors
심보연 (Bo-Yeon Sim), 박애선 (Aesun Park), 한동국 (Dong-Guk Han)
Publication date
November 2022
Source
IEEE Internet of Things Journal, v.9 no.21, pp.21382-21397
ISSN
2327-4662
Publisher
IEEE
DOI
https://dx.doi.org/10.1109/JIOT.2022.3179683
Funded project
21HR5500, Development of core technologies for a RISC-V-based secure CPU architecture for malware detection and recovery in embedded systems, 강동욱
Abstract
This study proposes a chosen-ciphertext side-channel attack against the lattice-based key encapsulation mechanism (KEM) CRYSTALS-KYBER, a third-round candidate of the National Institute of Standards and Technology (NIST) post-quantum cryptography standardization project. Unlike existing attacks that target operations such as the inverse NTT and message encoding/decoding, we target Barrett reduction in the decapsulation phase of CRYSTALS-KYBER to recover the secret key. We show that a sensitive-variable-dependent leakage of Barrett reduction exposes the entire secret key. Experiments conducted on an ARM Cortex-M4 microcontroller achieve a success rate of 100%. Only six chosen ciphertexts are needed for KYBER512 and KYBER768, and eight chosen ciphertexts for KYBER1024. We also show that the m4 scheme of the pqm4 library, an implementation with ARM Cortex-M4-specific optimizations (largely in assembly), is vulnerable to the proposed attack; in this scheme, six, nine, and twelve chosen ciphertexts are required for KYBER512, KYBER768, and KYBER1024, respectively.
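The Barrett reduction named in the abstract, as an added illustration that is not code from the paper, from pqcrystals-kyber or from pqm4: barrett_reduce below follows the shape of the public pqcrystals-kyber reference implementation (v = round(2^26/q) = 20159, centered result in [-(q-1)/2, (q-1)/2]), with the quotient held in a 32-bit intermediate so the t*q step cannot overflow. Everything else is a simplified model chosen here for illustration and rests on assumptions the page does not state: the chosen ciphertext is assumed to make one coefficient of mp = v - s^T u in indcpa_dec equal to v0 - s_i * u0 (a constant-polynomial u), and leakage is modelled as the Hamming weight of the reduction output. The paper's actual chosen ciphertexts, leakage model and clustering step are not reproduced; the point shown is only why every intermediate of the reduction is a function of the secret coefficient.

```c
#include <stdint.h>
#include <stdio.h>

#define KYBER_Q 3329
#define KYBER_ETA 2   /* secret coefficients lie in [-eta, eta]: 2 for KYBER768/1024, 3 for KYBER512 */

/* Barrett reduction in the form used by the pqcrystals-kyber reference code
 * (centered variant): for any int16_t a, returns a mod q in [-(q-1)/2, (q-1)/2].
 * v = round(2^26 / q) = 20159. The quotient estimate t is kept in int32_t here
 * (the reference uses int16_t and relies on wrap-around); results are identical. */
static int16_t barrett_reduce(int16_t a) {
    const int32_t v = ((1 << 26) + KYBER_Q / 2) / KYBER_Q;
    int32_t t = ((int32_t)v * a + (1 << 25)) >> 26;   /* quotient estimate, arithmetic shift */
    return (int16_t)(a - t * KYBER_Q);
}

/* Hamming weight of the 16-bit two's-complement pattern of x (toy leakage model). */
static int hamming_weight16(int16_t x) {
    uint16_t u = (uint16_t)x;
    int w = 0;
    while (u) { w += u & 1; u >>= 1; }
    return w;
}

/* ASSUMPTION for illustration: the chosen ciphertext's u is the constant
 * polynomial u0, so coefficient i of mp = v - s^T u before poly_reduce is
 * v0 - s_i * u0. Caller keeps |v0 - s_i * u0| < 2^15 so the cast is exact. */
static int16_t barrett_input(int16_t s_i, int16_t u0, int16_t v0) {
    return (int16_t)(v0 - s_i * u0);
}

/* Under the toy model, count how many distinct Hamming weights the Barrett
 * output takes over the 2*eta+1 candidate values of s_i for a fixed (u0, v0).
 * If the count equals 2*eta+1, every candidate is separable from every other
 * by this single chosen coefficient; a smaller count means some collide. */
static int distinguishable_candidates(int eta, int16_t u0, int16_t v0) {
    int seen[17] = {0};   /* Hamming weights 0..16 */
    int distinct = 0;
    for (int s = -eta; s <= eta; s++) {
        int hw = hamming_weight16(barrett_reduce(barrett_input((int16_t)s, u0, v0)));
        if (!seen[hw]) { seen[hw] = 1; distinct++; }
    }
    return distinct;
}

int main(void) {
    /* Sanity check of the reduction itself. */
    printf("barrett_reduce(1665) = %d, barrett_reduce(32767) = %d\n",
           barrett_reduce(1665), barrett_reduce(32767));

    /* Constructed chosen coefficient pair: u0 close to q/2, v0 = 0. */
    const int16_t u0 = 1664, v0 = 0;
    for (int s = -KYBER_ETA; s <= KYBER_ETA; s++) {
        int16_t a = barrett_input((int16_t)s, u0, v0);
        int16_t r = barrett_reduce(a);
        printf("s_i=%2d  input=%6d  output=%6d  HW=%2d\n", s, a, r, hamming_weight16(r));
    }
    printf("distinguishable candidates: %d of %d\n",
           distinguishable_candidates(KYBER_ETA, u0, v0), 2 * KYBER_ETA + 1);
    return 0;
}
```

Build with `cc -std=c11 -Wall barrett_demo.c && ./a.out`. Real traces on a Cortex-M4 are noisy and the pqm4 m4 scheme reduces in assembly rather than in this C form, which is why the paper needs several chosen ciphertexts per parameter set and a clustering step rather than a single Hamming-weight lookup; the model here only makes the dependence on s_i visible.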
KSP suggested keywords
ARM Cortex, Barrett reduction, Cortex-M4, Key encapsulation mechanism, Lattice-based, National Institute of Standards and Technology, Side Channel Attacks, Side-Channel Leakage, Success rate, secret key
This work is available under the Creative Commons Attribution (CC BY) license.