2021, IACR Cryptol. ePrint Arch.
ROLLO is a candidate in the second round of the NIST Post-Quantum Cryptography standardization process. In the last update in April 2020, there was a key encapsulation mechanism (ROLLO-I) and a public-key encryption scheme (ROLLO-II). In this paper, we propose an attack to recover the syndrome during the decapsulation process of ROLLO-I. From this syndrome, we explain how to perform a private key recovery. We target two constant-time implementations: the C reference implementation and a C implementation available on GitHub. By getting power measurements during the execution of the Gaussian elimination function, we are able to extract on a single trace each element of the syndrome. This attack can also be applied to the decryption process of ROLLO-II.
Designs, Codes and Cryptography
ROLLO was a candidate in the second round of the NIST Post-Quantum Cryptography standardization process. In the last update in April 2020, there was a key encapsulation mechanism (ROLLO-I) and a public-key encryption scheme (ROLLO-II). In this paper, we propose an attack to recover the syndrome during the decapsulation process of ROLLO-I. From this syndrome, we explain how to perform a private key recovery. We target two constant-time implementations: the C reference implementation and a C implementation available on GitHub. By getting power measurements during the execution of the Gaussian elimination function, we are able to extract on a single trace each element of the syndrome. This attack can also be applied to the decryption process of ROLLO-II.
2019
The past few decades have seen significant progress in practically realizable quantum technologies. It is well known since the work of Peter Shor that large scale quantum computers will threaten the security of most of the currently used public key cryptographic algorithms. This has spurred the cryptography community to design algorithms which will remain safe even with the emergence of large scale quantum computing systems. An effort in this direction is the currently ongoing post-quantum cryptography (PQC) competition, which has led to the design and analysis of many concrete cryptographic constructions. Among these, Lattice based algorithms have emerged to be promising candidates. Therefore, we focus on the efficient implementation of Ring-LWE based quantum-safe key-exchange algorithms. Further, deployment of hardware implementing such algorithms in critical applications requires security against implementation attacks. In this work, we design a side channel resistant post-quantu...
2020
With the NIST Post-Quantum Cryptography competition in its final round, the importance of implementation security is highlighted in the latest call. In this regard, we report practical side-channel assisted message recovery attacks over embedded implementations of several post-quantum public key encryption (PKE) and key encapsulation mechanisms (KEM) based on the Learning With Errors (LWE) and Learning With Rounding (LWR) problems, which include three finalists and three semi-finalist candidates of the NIST standardization process. The proposed attacks target storage of the decrypted message in memory, a basic operation found in all libraries and typically unavoidable in any embedded implementation. We also identify interesting ciphertext malleability properties for LWE/LWR-based PKEs and exploit them to generalise the proposed attack to different implementation choices as well as implementations protected with side-channel countermeasures such as shuffling and masking. All proposed attacks ar...
IACR Cryptol. ePrint Arch., 2019
Experts forecast that quantum computers can break classical cryptographic algorithms. Scientists are developing post-quantum cryptographic (PQC) algorithms that are invulnerable to quantum computer attacks. The National Institute of Standards and Technology (NIST) started a public evaluation process to standardize quantum-resistant public key algorithms. The objective of our study is to provide a hardware-based comparison of the NIST PQC candidates. For this, we use a High-Level Synthesis (HLS)-based hardware design methodology to map high-level C specifications of round 2 PQC candidates into both FPGA and ASIC implementations.
2020
This paper presents our contribution regarding two implementations of the ROLLO-I algorithm, a code-based candidate for the NIST PQC project. The first part focuses on the implementations, and the second part analyzes a side-channel attack and the associated countermeasures. The first implementation uses existing hardware with a crypto co-processor to speed-up operations in \({\mathbb F}_{2^m}\). The second one is a full software implementation (not using the crypto co-processor), running on the same hardware. Finally, the side-channel attack allows us to recover the secret key with only 79 ciphertexts for ROLLO-I-128. We propose countermeasures in order to protect future implementations.
2009
Quantum cryptographic technology (QCT) is expected to be a fundamental technology for realizing long-term information security even against as-yet-unknown future technologies. More advanced security could be achieved using QCT together with contemporary cryptographic technologies. To develop and spread the use of QCT, it is necessary to standardize devices, protocols, and security requirements and thus enable interoperability in a multi-vendor, multi-network, and multi-service environment. This report is a technical summary of QCT and related topics from the viewpoints of 1) consensual establishment of specifications and requirements of QCT for standardization and commercialization and 2) the promotion of research and design to realize New-Generation Quantum Cryptography.
ACM Sigact News, 1996
Introduction. The fates of SIGACT News and Quantum Cryptography are inseparably entangled. The exact date of Stephen Wiesner's invention of "conjugate coding" is unknown but it cannot be far from April 1969, when the premier issue of SIGACT News (or rather SICACT News as it was known at the time) came out. Much later, it was in SIGACT News that Wiesner's paper finally appeared [74] in the wake of the first author's early collaboration with Charles H. Bennett [7]. It was also in SIGACT News that the original experimental demonstration for quantum key distribution was announced for the first time [6] and that a thorough bibliography was published [19]. Finally, it was in SIGACT News that Doug Wiedemann chose to publish his discovery when he reinvented quantum key distribution in 1987, unaware of all previous work but Wiesner's [73, 5].
ACADEMIA IN INFORMATION TECHNOLOGY PROFESSION (AITP) 2020 INTERNATIONAL CONFERENCE, 2020
The rise of the new paradigm (quantum computing) in recent years has created a major security challenge to classical and widely used primitive cryptography schemes such as ECC (Elliptic Curve Cryptography) and the RSA (Rivest-Shamir-Adleman) algorithm. These classical computing algorithms depend on the problems of discrete logarithm and integer factorization respectively. Recent advancements in quantum computing have made encryption schemes more vulnerable since they are weak to some quantum attacks, like Shor's algorithm and Grover's algorithm. Therefore the call for a new set of algorithms known as Post-Quantum Cryptography (PQC) that would not be vulnerable to quantum attacks is imminent. NIST has selected some candidates in the second round of the Post-Quantum Cryptographic algorithms standardization project. This work's goal is to review these algorithms under their types. A rigorous survey of each Post-Quantum Cryptography scheme and its underlying properties will be x-rayed while recommending areas for research in this new security paradigm.
2010
The McEliece and the Niederreiter public key cryptosystems (PKC) are supposed secure in a post-quantum world (4) because there is no efficient quantum algorithm for the underlying problems upon which these cryptosystems are built. The CFS, Stern and KKS signature schemes are post-quantum secure because they are based on hard problems of coding theory. The purpose of this article is to describe what kind of attacks have been proposed against code-based constructions and what is missing.
Journal of Cryptographic Engineering, 2021
Over the past decades, quantum technology has seen consistent progress, with notable recent developments in the field of quantum computers. Traditionally, this trend has been primarily seen as a serious risk for cryptography; however, a positive aspect of quantum technology should also be stressed. In this regard, viewing this technology as a resource for honest parties rather than adversaries, it may enhance not only the security, but also the performance of specific cryptographic schemes. While considerable effort has been devoted to the design of quantum-resistant and quantum-enhanced schemes, little effort has been made to understanding their physical security. Physical security deals with the design and implementation of security measures fulfilling the practical requirements of cryptographic primitives, which are equally essential for classic and quantum ones. This survey aims to draw greater attention to the importance of physical security, with a focus on secure key generation and storage as well as secure execution. More specifically, the possibility of performing side-channel analysis in the quantum world is discussed and compared to attacks launched in the classic world. Besides, proposals for quantum random number generation and quantum physically unclonable functions are compared to their classic counterparts and further analyzed to give a better understanding of their features, advantages, and shortcomings. Finally, seen from these three perspectives, this survey provides an outlook for future research in this direction. CCS Concepts: • Security and privacy → Cryptanalysis and other attacks; Security in hardware; • Hardware → Integrated circuits; Quantum communication and cryptography.
ACM Transactions on Embedded Computing Systems
In this work, we present a systematic study of Side-Channel Attacks (SCA) and Fault Injection Attacks (FIA) on structured lattice-based schemes, with main focus on the Kyber Key Encapsulation Mechanism (KEM) and the Dilithium signature scheme, which are leading candidates in the NIST standardization process for Post-Quantum Cryptography (PQC). Through our study, we attempt to understand the underlying similarities and differences between the existing attacks, while classifying them into different categories. Given the wide variety of reported attacks, simultaneous protection against all the attacks requires implementing customized protections/countermeasures for both Kyber and Dilithium. We therefore present a range of customized countermeasures, capable of providing defences/mitigations against existing SCA/FIA, and incorporate several SCA and FIA countermeasures within a single design of Kyber and Dilithium. Among the several countermeasures discussed in this work, we present novel counterme...
Journal of Cryptographic Engineering, 2011
Research within "post-quantum" cryptography has focused on the development of schemes that resist quantum cryptanalysis. However, if such schemes are to be deployed, practical questions of efficiency and physical security should also be addressed; this is particularly important for embedded systems. To this end, we investigate issues relating to side-channel attacks against the McEliece and Niederreiter public-key cryptosystems, for example improving those presented by [20], and novel countermeasures against such attacks.
A quantum key distribution system may be probed by an eavesdropper Eve by sending in bright light from the quantum channel and analyzing the back-reflections. We propose and experimentally demonstrate a setup for mounting such a Trojan-horse attack. We show it in operation against the quantum cryptosystem Clavis2 from ID Quantique, as a proof-of-principle. With just a few back-reflected photons, Eve discerns Bob's secret basis choice, and thus the raw key bit in the Scarani-Acín-Ribordy-Gisin 2004 protocol, with higher than 90% probability. This would clearly breach the security of the cryptosystem. Unfortunately, in Clavis2 Eve's bright pulses have a side effect of causing a high level of afterpulsing in Bob's single-photon detectors, resulting in a high quantum bit error rate that effectively protects this system from our attack. However, in a Clavis2-like system equipped with detectors with less noisy but realistic characteristics, an attack strategy with positive leakage of the key would exist. We confirm this by a numerical simulation. Both the eavesdropping setup and strategy can be generalized to attack most of the current QKD systems, especially if they lack proper safeguards. We also propose countermeasures to prevent such attacks.
2021 IEEE 39th International Conference on Computer Design (ICCD), 2021
Post-quantum digital signatures are a critical primitive of computer security in the era of quantum hegemony. As a finalist of the post-quantum cryptography standardization process, the theoretical security of the CRYSTALS-Dilithium (Dilithium) signature scheme has been quantified to withstand classical and quantum cryptanalysis. However, there is an inherent power side-channel information leakage in its implementation instance due to the physical characteristics of hardware. This work proposes an efficient non-profiled Correlation Power Analysis (CPA) strategy on Dilithium to recover the secret key by targeting the underlying polynomial multiplication arithmetic. We first develop a conservative scheme with a reduced key guess space, which can extract a secret key coefficient with 99.99% confidence using 157 power traces of the reference Dilithium implementation. However, this scheme suffers from the computational overhead caused by the large modulus in the Dilithium signature. To further accelerate the CPA run-time, we propose a fast two-stage scheme that selects a smaller search space and then resolves false positives. We finally construct a hybrid scheme that combines the advantages of both schemes. A real-world experiment on the power measurement data shows that our hybrid scheme improves the attack's execution time by 7.77×.
The New Codebreakers, 2016
Public-key cryptography is indispensable for cyber security. However, as the result of Peter Shor shows, the public-key schemes that are being used today will become insecure once quantum computers reach maturity. This paper gives an overview of the alternative public-key schemes that have the capability to resist quantum computer attacks and compares them.
ArXiv, 2022
The development of large quantum computers will have dire consequences for cryptography. Most of the symmetric and asymmetric cryptographic algorithms are vulnerable to quantum algorithms. Grover's search algorithm gives a square root time boost for the search of the key in symmetric schemes like AES and 3DES. The security of asymmetric algorithms like RSA, Diffie-Hellman, and ECC is based on the mathematical hardness of prime factorization and discrete logarithm. The best classical algorithms available take exponential time. Shor's factoring algorithm can solve the problems in polynomial time. Major breakthroughs in quantum computing will render all the present-day widely used asymmetric cryptosystems insecure. This paper analyzes the vulnerability of the classical cryptosystems in the context of quantum computers, discusses various post-quantum cryptosystem families, discusses the status of the NIST post-quantum cryptography standardization process, and finally provides a couple...
This comprehensive research paper delves into the significant challenge posed by quantum computing to modern cryptography. It highlights how quantum computing threatens traditional cryptographic systems, including public-key systems like RSA and ECC, due to its ability to solve complex mathematical problems much faster than classical computers. The paper provides an in-depth overview of cryptography in the quantum era, including a detailed examination of various post-quantum cryptographic approaches such as lattice-based, hash-based, code-based, and multivariate polynomial cryptography. It evaluates their quantum resilience and practical considerations, also exploring cross-disciplinary approaches and the role of advanced quantum algorithms in cryptanalysis. Additionally, the paper discusses hardware considerations, the adaptation of public key infrastructure for quantum resistance, and strategies for long-term cryptographic security. It assesses the impact on various industries and the need for global cooperation in addressing quantum threats. The technical challenges and limitations of current quantum-resistant algorithms are examined, along with insights from recent research and discussions on emerging trends in post-quantum cryptography. The paper concludes by underscoring the urgency of developing quantum-resistant cryptographic solutions, emphasizing the necessity for interdisciplinary research, continuous education, and global collaboration in standardization and policy development. It stresses the importance of adapting existing hardware and software infrastructure to support new algorithms and the crucial role of public-private partnerships in advancing the field of quantum cryptography.
We perform a comprehensive analysis of practical quantum cryptography (QC) systems implemented in actual physical environments via either free-space or fiber-optic cable quantum channels for ground-ground, ground-satellite, air-satellite and satellite-satellite links.
This survey is on forward-looking, emerging security concerns in the post-quantum era, i.e., the implementation attacks for the 2022 winners of the NIST post-quantum cryptography (PQC) competition, and thus the visions, insights, and discussions can be used as a step forward towards scrutinizing the new standards for applications ranging from Metaverse/Web 3.0 to deeply embedded systems. The rapid advances in quantum computing have brought immense opportunities for scientific discovery and technological progress; however, they pose a major risk to today's security since advanced quantum computers are believed to break all traditional public-key cryptographic algorithms. This has led to active research on PQC algorithms that are believed to be secure against classical and powerful quantum computers. However, algorithmic security is unfortunately insufficient, and many cryptographic algorithms are vulnerable to side-channel attacks (SCA), where an attacker passively or actively gets side-channel data to compromise the security properties that are assumed to be safe theoretically. In this survey, we explore such imminent threats and their countermeasures with respect to PQC. We provide the respective latest advancements in PQC research, as well as assessments of and visions on the different types of SCAs. CCS Concepts: • Security and privacy → Digital signatures; Hardware attacks and countermeasures.
International Journal of Information System and Computer Science, 2021
The current hype of quantum computing has necessitated the need for computer security stakeholders to call for the design of security algorithms that will be quantum efficient when quantum computers finally grace our computing sphere. Recent advancements in quantum computing have made cryptographic schemes more vulnerable to quantum attacks like Shor's algorithm and Grover's algorithm. Therefore NIST's call for a new set of algorithms known as Post-Quantum Cryptography that would be quantum proof is imminent. Many post-quantum algorithms have been designed and tested, but only a few of them made it to round 3 (the final round). This paper reviews these post-quantum candidates. Literature highlighting their schemes, properties, implementation and areas of security coverage was reviewed. Recommendations on future research areas in this field were itemized for this novel security paradigm as we await the final standardization of these cryptosystems.