Full metadata record (DC field: value [language])

dc.contributor.author: Ravi, Prasanna [en_US]
dc.contributor.author: Ezerman, Martianus Frederic [en_US]
dc.contributor.author: Bhasin, Shivam [en_US]
dc.contributor.author: Chattopadhyay, Anupam [en_US]
dc.contributor.author: Sinha Roy, Sujoy [en_US]
dc.identifier.citation: Ravi, P., Ezerman, M. F., Bhasin, S., Chattopadhyay, A. & Sinha Roy, S. (2022). Will you cross the threshold for me? Generic side-channel assisted chosen-ciphertext attacks on NTRU-based KEMs. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022(1), 722-761.
dc.description.abstract: In this work, we propose generic and novel side-channel assisted chosen-ciphertext attacks on NTRU-based key encapsulation mechanisms (KEMs). These KEMs are IND-CCA secure, that is, they are secure in the chosen-ciphertext model, so the attacks do not break the schemes mathematically but exploit their implementations. Our attacks involve the construction of malformed ciphertexts. When decapsulated by the target device, these ciphertexts ensure that a targeted intermediate variable becomes very closely related to the secret key. An attacker who can obtain information about this secret-dependent variable through side channels can subsequently recover the full secret key. We propose several novel chosen-ciphertext attacks that can be carried out using side-channel leakage from the decapsulation procedure. The attacks instantiate three different types of oracles, namely a plaintext-checking oracle, a decryption-failure oracle, and a full-decryption oracle, and are applicable to two NTRU-based schemes, NTRU and NTRU Prime. Both schemes are candidates in the ongoing NIST standardization process for post-quantum cryptography. We experimentally validate the attacks on optimized and unprotected implementations of NTRU-based schemes, taken from the open-source pqm4 library, using the electromagnetic (EM) side channel on the 32-bit ARM Cortex-M4 microcontroller. All of our proposed attacks recover the full secret key in only a few thousand chosen-ciphertext queries on all parameter sets of NTRU and NTRU Prime. Our attacks therefore stress the need for concrete side-channel protection strategies for NTRU-based KEMs. [en_US]
dc.relation.ispartof: IACR Transactions on Cryptographic Hardware and Embedded Systems [en_US]
dc.rights: © 2021 Prasanna Ravi, Martianus Frederic Ezerman, Shivam Bhasin, Anupam Chattopadhyay, Sujoy Sinha Roy. This work is licensed under a Creative Commons Attribution 4.0 International License. [en_US]
dc.subject: Science::Mathematics::Discrete mathematics::Cryptography [en_US]
dc.title: Will you cross the threshold for me? Generic side-channel assisted chosen-ciphertext attacks on NTRU-based KEMs [en_US]
dc.type: Journal Article [en]
dc.contributor.school: School of Physical and Mathematical Sciences [en_US]
dc.contributor.school: School of Computer Science and Engineering [en_US]
dc.contributor.research: Temasek Laboratories @ NTU [en_US]
dc.description.version: Published version [en_US]
dc.subject.keywords: Lattice-Based Cryptography [en_US]
dc.subject.keywords: Side-Channel Attack [en_US]
item.fulltext: With Fulltext

Appears in Collections:
SCSE Journal Articles
SPMS Journal Articles
TL Journal Articles

Files in This Item:
File: SCA Attack on NTRU based KEMs.pdf
Size: 2.14 MB
Format: Adobe PDF
Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.