




























Prasanna Ravi, College of Computing and Data Science, Nanyang Technological University, Singapore
Dirmanto Jap, Temasek Labs@NTU, Singapore
Shivam Bhasin, Temasek Labs@NTU, Singapore
Sayan Das, College of Computing and Data Science, Nanyang Technological University, Singapore
Anupam Chattopadhyay, College of Computing and Data Science, Nanyang Technological University, Singapore
HQC is a code-based key encapsulation mechanism (KEM) that was selected to move to the fourth round of the NIST post-quantum standardization process. While this scheme was previously targeted by side-channel assisted chosen-ciphertext attacks for key recovery, all these attacks have relied on malformed ciphertexts for key recovery. Thus, all these attacks can be easily prevented by deploying a detection based countermeasures for invalid ciphertexts, and refreshing the secret key upon detection of an invalid ciphertext. This prevents further exposure of the secret key to the attacker and thus serves as an attractive option for protection against prior attacks. Thus, in this work, we present a critical analysis of the detection based countermeasure, and present the first side-channel based chosen-ciphertext attack that attempts to utilize only valid ciphertexts for key recovery, thereby defeating the detection based countermeasure. We propose novel attacks exploiting leakage from the ExpandAndSum and FindPeaks operations within the Reed-Muller decoder for full key recovery with 100% success rate. We show that our attacks are quite robust to noise in the side-channel measurements, and we also present novel extensions of our attack to the shuffling countermeasure on both the ExpandAndSum and FindPeaks operation, which renders the shuffling countermeasure ineffective. Our work therefore shows that low-cost detection based countermeasures can be rendered ineffective, and cannot offer standalone protection against CC-based side-channel attacks. Thus, our work encourages more study towards development of new low-cost countermeasures against CC-based side-channel attacks.
BibTeX
@misc{cryptoeprint:2023/1626,
author = {Thales Paiva and Prasanna Ravi and Dirmanto Jap and Shivam Bhasin and Sayan Das and Anupam Chattopadhyay},
title = {Et tu, Brute? {SCA} Assisted {CCA} using Valid Ciphertexts - A Case Study on {HQC} {KEM}},
howpublished = {Cryptology {ePrint} Archive, Paper 2023/1626},
year = {2023},
doi = {https://doi.org/10.1007/978-3-031-86602-9_11},
url = {https://eprint.iacr.org/2023/1626}
}
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。