Template Attack of LWE/LWR-Based Schemes with Cyclic Message Rotation
The side-channel security of lattice-based post-quantum cryptography has gained extensive attention since the standardization of post-quantum cryptography. Based on the leakage mechanism in the decapsulation stage of LWE/LWR-based post-quantum cryptography, a message recovery method, with templates...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG 2022-10-01 |
Series: | Entropy |
Subjects: | |
Online Access: | https://www.mdpi.com/1099-4300/24/10/1489 |
_version_ | 1827650298906148864 |
---|---|
author | Yajing Chang; Yingjian Yan; Chunsheng Zhu; Pengfei Guo |
author_sort | Yajing Chang |
collection | DOAJ |
description | The side-channel security of lattice-based post-quantum cryptography has gained extensive attention since the standardization of post-quantum cryptography. Based on the leakage mechanism in the decapsulation stage of LWE/LWR-based post-quantum cryptography, a message recovery method, with templates and cyclic message rotation targeting the message decoding operation, was proposed. The templates were constructed for the intermediate state based on the Hamming weight model and cyclic message rotation was used to construct special ciphertexts. Using the power leakage during operation, secret messages in the LWE/LWR-based schemes were recovered. The proposed method was verified on CRYSTAL-Kyber. The experimental results demonstrated that this method could successfully recover the secret messages used in the encapsulation stage, thereby recovering the shared key. Compared with existing methods, the power traces required for templates and attack were both reduced. The success rate was significantly increased under the low SNR, indicating a better performance with lower recovery cost. The message recovery success rate could reach 99.6% with sufficient SNR. |
first_indexed | 2024-03-09T20:14:20Z |
format | Article |
id | doaj.art-34dd0f029c474c189c6c89778ab6f57f |
institution | Directory Open Access Journal |
issn | 1099-4300 |
language | English |
last_indexed | 2024-03-09T20:14:20Z |
publishDate | 2022-10-01 |
publisher | MDPI AG |
record_format | Article |
series | Entropy |
spelling | doaj.art-34dd0f029c474c189c6c89778ab6f57f; 2023-11-24T00:04:46Z; eng; MDPI AG; Entropy; 1099-4300; 2022-10-01; 24; 10; 1489; 10.3390/e24101489; Template Attack of LWE/LWR-Based Schemes with Cyclic Message Rotation; Yajing Chang 0; Yingjian Yan 1; Chunsheng Zhu 2; Pengfei Guo 3; College of Cryptography Engineering, Information Engineering University, Zhengzhou 450001, China; College of Cryptography Engineering, Information Engineering University, Zhengzhou 450001, China; College of Cryptography Engineering, Information Engineering University, Zhengzhou 450001, China; College of Cryptography Engineering, Information Engineering University, Zhengzhou 450001, China; The side-channel security of lattice-based post-quantum cryptography has gained extensive attention since the standardization of post-quantum cryptography. Based on the leakage mechanism in the decapsulation stage of LWE/LWR-based post-quantum cryptography, a message recovery method, with templates and cyclic message rotation targeting the message decoding operation, was proposed. The templates were constructed for the intermediate state based on the Hamming weight model and cyclic message rotation was used to construct special ciphertexts. Using the power leakage during operation, secret messages in the LWE/LWR-based schemes were recovered. The proposed method was verified on CRYSTAL-Kyber. The experimental results demonstrated that this method could successfully recover the secret messages used in the encapsulation stage, thereby recovering the shared key. Compared with existing methods, the power traces required for templates and attack were both reduced. The success rate was significantly increased under the low SNR, indicating a better performance with lower recovery cost. The message recovery success rate could reach 99.6% with sufficient SNR.; https://www.mdpi.com/1099-4300/24/10/1489; lattice-based post-quantum cryptography; side-channel attack; decapsulation; template; cyclic message rotation; hamming weight |
title | Template Attack of LWE/LWR-Based Schemes with Cyclic Message Rotation |
topic | lattice-based post-quantum cryptography; side-channel attack; decapsulation; template; cyclic message rotation; hamming weight |
url | https://www.mdpi.com/1099-4300/24/10/1489 |