ETRI-Knowledge Sharing Plaform

ENGLISH

성과물

논문 검색
구분 SCI
연도 ~ 키워드

상세정보

학술지 Chosen-Ciphertext Clustering Attack on CRYSTALS-KYBER using the Side-Channel Leakage of Barrett Reduction
Cited 9 time in scopus Download 220 time Share share facebook twitter linkedin kakaostory
저자
심보연, 박애선, 한동국
발행일
202211
출처
IEEE Internet of Things Journal, v.9 no.21, pp.21382-21397
ISSN
2327-4662
출판사
IEEE
DOI
https://dx.doi.org/10.1109/JIOT.2022.3179683
협약과제
21HR5500, 임베디드 시스템 악성코드 탐지·복원을 위한 RISC-V 기반 보안 CPU 아키텍처 핵심기술 개발, 강동욱
초록
This study proposes a chosen-ciphertext side-channel attack against a lattice-based key encapsulation mechanism (KEM), the third-round candidate of the national institute of standards and technology (NIST) standardization project. Unlike existing attacks that target operations, such as inverse NTT and message encoding/decoding, we target $\mathsf {Barrett~reduction}$ in the decapsulation phase of $\mathsf {CRYSTALS{-}KYBER}$ to obtain a secret key. We show that a sensitive variable-dependent leakage of $\mathsf {Barrett~reduction}$ exposes an entire secret key. The results of experiments conducted on the ARM Cortex-M4 microcontroller accomplish a success rate of 100%. We only need six chosen ciphertexts for $\mathsf {KYBER512}$ and $\mathsf {KYBER768}$ and eight chosen ciphertexts for $\mathsf {KYBER1024}$. We also show that the $\mathsf {m4}$ scheme of the $\mathsf {pqm4}$ library, an implementation with the ARM Cortex-M4 specific optimization (typically in assembly), is vulnerable to the proposed attack. In this scheme, six, nine, and twelve chosen ciphertexts are required for $\mathsf {KYBER512}$ , $\mathsf {KYBER768}$ , and $\mathsf {KYBER1024}$ , respectively.
KSP 제안 키워드
ARM Cortex, Barrett reduction, Cortex-M4, Key encapsulation mechanism, Lattice-based, National Institute of Standards and Technology, Side Channel Attacks, Side-Channel Leakage, Success rate, secret key
본 저작물은 크리에이티브 커먼즈 저작자 표시 (CC BY) 조건에 따라 이용할 수 있습니다.
저작자 표시 (CC BY)