
Second-Order Side-Channel Attacks on Kyber: Targeting the Masked Hash Function

密码学报(中英文) (Journal of Cryptologic Research), 2024, Vol. 11, Issue 6: 1415-1436 (22 pages). DOI: 10.13868/j.cnki.jcr.000745


王亚琦 1, 黄帆 1, 段晓林 1, 胡红钢 2

Author information

  • 1. Key Laboratory of Electromagnetic Space Information, Chinese Academy of Sciences, University of Science and Technology of China, Hefei 230027
  • 2. Key Laboratory of Electromagnetic Space Information, Chinese Academy of Sciences, University of Science and Technology of China, Hefei 230027; Hefei National Laboratory, Hefei 230088

Abstract

Recently, several side-channel attacks based on a plaintext-checking (PC) oracle have been proposed against Kyber. However, most of them target unprotected implementations, and masking is regarded as a countermeasure. In this study, we extend PC oracle based side-channel attacks to the second-order scenario and successfully mount key-recovery attacks on first-order masked Kyber. First, we analyze the potential joint information leakage. Inspired by the binary PC oracle based attack proposed by Qin et al. at Asiacrypt 2021, we identify a 1-bit leakage scenario in the masked Keccak implementation. Moreover, we modify the ciphertext construction described by Tanaka et al. at CHES 2023, extending the leakage scenario from 1 bit to 32 bits. With the help of TVLA, we validate these leakages experimentally. Second, for these two scenarios, we construct a binary PC oracle based on the t-test and a multiple-valued PC oracle based on neural networks. We then use these oracles to carry out practical side-channel attacks on masked Kyber, with the implementation running on an ARM Cortex-M4 microcontroller. The demonstrated attacks require a minimum of 15788 and 648 traces to fully recover the key of Kyber768 in the 1-bit leakage scenario and the 32-bit leakage scenario, respectively. Our analysis may also be extended to attack other post-quantum schemes that use the same masked hash function. Finally, we apply a shuffling strategy to the first-order masked implementation of Kyber and perform leakage tests. Experimental results show that the combination of shuffling and masking can effectively resist the proposed attacks.

Keywords

side-channel attack; plaintext-checking oracle; post-quantum cryptography; masked Kyber; masked hash function

Category

Information Technology and Security Science

Cite this article

王亚琦, 黄帆, 段晓林, 胡红钢. Second-Order Side-Channel Attacks on Kyber: Targeting the Masked Hash Function [J]. 密码学报(中英文), 2024, 11(6): 1415-1436.

Funding

National Natural Science Foundation of China (62472397)

Innovation Program for Quantum Science and Technology (2021ZD0302902)

密码学报(中英文) (Journal of Cryptologic Research), ISSN 2095-7025. Indexed: OA, Peking University Core Journals, CSTPCD.