Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/155579
Full metadata record
DC Field | Value | Language
dc.contributor.author | Ravi, Prasanna | en_US
dc.contributor.author | Ezerman, Martianus Frederic | en_US
dc.contributor.author | Bhasin, Shivam | en_US
dc.contributor.author | Chattopadhyay, Anupam | en_US
dc.contributor.author | Sinha Roy, Sujoy | en_US
dc.date.accessioned | 2022-03-08T05:35:11Z |
dc.date.available | 2022-03-08T05:35:11Z |
dc.date.issued | 2022 |
dc.identifier.citation | Ravi, P., Ezerman, M. F., Bhasin, S., Chattopadhyay, A. & Sinha Roy, S. (2022). Will you cross the threshold for me? Generic side-channel assisted chosen-ciphertext attacks on NTRU-based KEMs. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022(1), 722-761. https://dx.doi.org/10.46586/tches.v2022.i1.722-761 | en_US
dc.identifier.issn | 2569-2925 | en_US
dc.identifier.uri | https://hdl.handle.net/10356/155579 |
dc.description.abstract | In this work, we propose generic and novel side-channel assisted chosen-ciphertext attacks on NTRU-based key encapsulation mechanisms (KEMs). These KEMs are IND-CCA secure, that is, they are secure in the chosen-ciphertext model. Our attacks involve the construction of malformed ciphertexts. When decapsulated by the target device, these ciphertexts ensure that a targeted intermediate variable becomes very closely related to the secret key. An attacker who can obtain information about the secret-dependent variable through side-channels can subsequently recover the full secret key. We propose several novel CCAs which can be carried through by using side-channel leakage from the decapsulation procedure. The attacks instantiate three different types of oracles, namely a plaintext-checking oracle, a decryption-failure oracle, and a full-decryption oracle, and are applicable to two NTRU-based schemes, NTRU and NTRU Prime. The two schemes are candidates in the ongoing NIST standardization process for post-quantum cryptography. We perform experimental validation of the attacks on optimized and unprotected implementations of NTRU-based schemes, taken from the open-source pqm4 library, using the EM-based side-channel on the 32-bit ARM Cortex-M4 microcontroller. All of our proposed attacks are capable of recovering the full secret key in only a few thousand chosen-ciphertext queries on all parameter sets of NTRU and NTRU Prime. Our attacks, therefore, stress the need for concrete side-channel protection strategies for NTRU-based KEMs. | en_US
dc.language.iso | en | en_US
dc.relation.ispartof | IACR Transactions on Cryptographic Hardware and Embedded Systems | en_US
dc.rights | © 2021 Prasanna Ravi, Martianus Frederic Ezerman, Shivam Bhasin, Anupam Chattopadhyay, Sujoy Sinha Roy. This work is licensed under a Creative Commons Attribution 4.0 International License. | en_US
dc.subject | Science::Mathematics::Discrete mathematics::Cryptography | en_US
dc.title | Will you cross the threshold for me? Generic side-channel assisted chosen-ciphertext attacks on NTRU-based KEMs | en_US
dc.type | Journal Article | en
dc.contributor.school | School of Physical and Mathematical Sciences | en_US
dc.contributor.school | School of Computer Science and Engineering | en_US
dc.contributor.research | Temasek Laboratories @ NTU | en_US
dc.identifier.doi | 10.46586/tches.v2022.i1.722-761 |
dc.description.version | Published version | en_US
dc.identifier.issue | 1 | en_US
dc.identifier.volume | 2022 | en_US
dc.identifier.spage | 722 | en_US
dc.identifier.epage | 761 | en_US
dc.subject.keywords | Lattice-Based Cryptography | en_US
dc.subject.keywords | Side-Channel Attack | en_US
item.fulltext | With Fulltext |
item.grantfulltext | open |
Appears in Collections:
SCSE Journal Articles
SPMS Journal Articles
TL Journal Articles
Files in This Item:
File | Description | Size | Format
SCA Attack on NTRU based KEMs.pdf | | 2.14 MB | Adobe PDF
Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.