Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/147131
Full metadata record
DC FieldValueLanguage
dc.contributor.authorRavi, Prasannaen_US
dc.contributor.authorPoussier, Romainen_US
dc.contributor.authorBhasin, Shivamen_US
dc.contributor.authorChattopadhyay, Anupamen_US
dc.date.accessioned2021-03-29T07:41:01Z-
dc.date.available2021-03-29T07:41:01Z-
dc.date.issued2020-
dc.identifier.citationRavi, P., Poussier, R., Bhasin, S. & Chattopadhyay, A. (2020). On configurable SCA countermeasures against single trace attacks for the NTT. International Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2020), 123-146.en_US
dc.identifier.urihttps://hdl.handle.net/10356/147131-
dc.description.abstractThe Number Theoretic Transform (NTT) is a critical subblock used in several structured lattice-based schemes, including Kyber and Dilithium, which are finalist candidates in the NIST’s standardization process for post-quantum cryptography. The NTT was shown to be susceptible to single trace side-channel attacks by Primas et al. in CHES 2017 and Pessl et al. in Latincrypt 2019 who demonstrated full key recovery from single traces on the ARM Cortex-M4 microcontroller. However, the cost of deploying suitable countermeasures to protect the NTT from these attacks on the same target platform has not yet been studied. In this work, we propose novel shuffling and masking countermeasures to protect the NTT from such single trace attacks. Firstly, we exploit arithmetic properties of twiddle constants used within the NTT computation to propose efficient and generic masking strategies for the NTT with configurable SCA resistance. Secondly, we also propose new variants of the shuffling countermeasure with varying granularity for the NTT. We perform a detailed comparative evaluation of the runtime performances for our proposed countermeasures within open source implementations of Kyber and Dilithium from the pqm4 library on the ARM Cortex-M4 microcontroller. Our proposed countermeasures yield a reasonable runtime overhead in the range of 7%–78% across all procedures of Kyber, while the runtime overheads are much more pronounced for Dilithium, ranging from 12%–197% for the key generation procedure and 32%– 490% for the signing procedure.en_US
dc.description.sponsorshipNational Research Foundation (NRF)en_US
dc.language.isoenen_US
dc.rights© 2020 Springer International Publishing AG, part of Springer Nature. All rights reserved.en_US
dc.subjectEngineering::Computer science and engineeringen_US
dc.titleOn configurable SCA countermeasures against single trace attacks for the NTTen_US
dc.typeConference Paperen
dc.contributor.schoolSchool of Physical and Mathematical Sciencesen_US
dc.contributor.schoolSchool of Computer Science and Engineeringen_US
dc.contributor.conferenceInternational Conference on Security, Privacy, and Applied Cryptography Engineering (SPACE 2020)en_US
dc.contributor.researchTemasek Laboratories @ NTUen_US
dc.identifier.spage123en_US
dc.identifier.epage146en_US
dc.subject.keywordsCryptographyen_US
dc.subject.keywordsEmbedded Systemen_US
dc.description.acknowledgementThe authors acknowledge the support from the Singapore National Research Foundation (“SOCure” grant NRF2018NCR-NCR002-0001 – www.green-ic.org/socure).en_US
item.fulltextNo Fulltext-
item.grantfulltextnone-
Appears in Collections:SPMS Conference Papers

Page view(s)

223
Updated on Dec 8, 2022

Google ScholarTM

Check

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.