A Side-Channel-Resistant Implementation of SABER

Michiel Van Beirendonck; Jan-Pieter D’anvers; Angshuman Karmakar; Josep Balasch; Ingrid Verbauwhede

doi:10.1145/3429983

A Side-Channel-Resistant Implementation of SABER

ACM Journal on Emerging Technologies in Computing Systems ◽

10.1145/3429983 ◽

2021 ◽

Vol 17 (2) ◽

pp. 1-26

Author(s):

Michiel Van Beirendonck ◽

Jan-Pieter D’anvers ◽

Angshuman Karmakar ◽

Josep Balasch ◽

Ingrid Verbauwhede

Keyword(s):

Quantum Cryptography ◽

Real World ◽

Side Channel ◽

Specific Design ◽

Dynamic Memory ◽

Channel Resistance ◽

Embedded Platforms ◽

Critical Requirement ◽

Post Quantum Cryptography

The candidates for the NIST Post-Quantum Cryptography standardization have undergone extensive studies on efficiency and theoretical security, but research on their side-channel security is largely lacking. This remains a considerable obstacle for their real-world deployment, where side-channel security can be a critical requirement. This work describes a side-channel-resistant instance of Saber, one of the lattice-based candidates, using masking as a countermeasure. Saber proves to be very efficient to masking due to two specific design choices: power-of-two moduli and limited noise sampling of learning with rounding. A major challenge in masking lattice-based cryptosystems is the integration of bit-wise operations with arithmetic masking, requiring algorithms to securely convert between masked representations. The described design includes a novel primitive for masked logical shifting on arithmetic shares and adapts an existing masked binomial sampler for Saber. An implementation is provided for an ARM Cortex-M4 microcontroller, and its side-channel resistance is experimentally demonstrated. The masked implementation features a 2.5x overhead factor, significantly lower than the 5.7x previously reported for a masked variant of NewHope. Masked key decapsulation requires less than 3,000,000 cycles on the Cortex-M4 and consumes less than 12kB of dynamic memory, making it suitable for deployment in embedded platforms.

Download Full-text

Key Substitution Attacks on Lattice Signature Schemes Based on SIS Problem

Security and Communication Networks ◽

10.1155/2018/8525163 ◽

2018 ◽

Vol 2018 ◽

pp. 1-13

Author(s):

Youngjoo An ◽

Hyang-Sook Lee ◽

Juhee Lee ◽

Seongan Lim

Keyword(s):

Quantum Cryptography ◽

Digital Signatures ◽

Signature Scheme ◽

Promising Candidate ◽

Signature Schemes ◽

Critical Requirement ◽

Post Quantum Cryptography

The notion of key substitution security on digital signatures in the multiuser setting has been proposed by Menezes and Smart in 2004. Along with the unforgeability of signature, the key substitution security is very important since it is a critical requirement for the nonrepudiation and the authentication of the signature. Lattice-based signature is a promising candidate for post-quantum cryptography, and the unforgeability of each scheme has been relatively well studied. In this paper, we present key substitution attacks on BLISS, Lyubashevsky’s signature scheme, and GPV and thus show that these signature schemes do not provide nonrepudiation. We also suggest how to avoid key substitution attack on these schemes.

Download Full-text

Masked Accelerators and Instruction Set Extensions for Post-Quantum Cryptography

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2022.i1.414-460 ◽

2021 ◽

pp. 414-460

Author(s):

Tim Fritzmann ◽

Michiel Van Beirendonck ◽

Debapriya Basu Roy ◽

Patrick Karl ◽

Thomas Schamberger ◽

...

Keyword(s):

Quantum Cryptography ◽

Research Effort ◽

Security Evaluation ◽

Side Channel ◽

Instruction Set ◽

First Order ◽

Cycle Count ◽

Instruction Set Extensions ◽

Post Quantum Cryptography ◽

Different Characteristics

Side-channel attacks can break mathematically secure cryptographic systems leading to a major concern in applied cryptography. While the cryptanalysis and security evaluation of Post-Quantum Cryptography (PQC) have already received an increasing research effort, a cost analysis of efficient side-channel countermeasures is still lacking. In this work, we propose a masked HW/SW codesign of the NIST PQC finalists Kyber and Saber, suitable for their different characteristics. Among others, we present a novel masked ciphertext compression algorithm for non-power-of-two moduli. To accelerate linear performance bottlenecks, we developed a generic Number Theoretic Transform (NTT) multiplier, which, in contrast to previously published accelerators, is also efficient and suitable for schemes not based on NTT. For the critical non-linear operations, masked HW accelerators were developed, allowing a secure execution using RISC-V instruction set extensions. With the proposed design, we achieved a cycle count of K:214k/E:298k/D:313k for Kyber and K:233k/E:312k/D:351k for Saber with NIST Level III parameter sets. For the same parameter sets, the masking overhead for the first-order secure decapsulation operation including randomness generation is a factor of 4.48 for Kyber (D:1403k)and 2.60 for Saber (D:915k).

Download Full-text

New Directions for NewHope: Improving Performance of Post-Quantum Cryptography through Algorithm-level Pipelining

2020 International Conference on Field-Programmable Technology (ICFPT) ◽

10.1109/icfpt51103.2020.00025 ◽

2020 ◽

Author(s):

Luke Beckwith ◽

William Diehl

Keyword(s):

Quantum Cryptography ◽

New Directions ◽

Post Quantum Cryptography ◽

Algorithm Level

Download Full-text

Network Coding-Based Post-Quantum Cryptography

IEEE Journal on Selected Areas in Information Theory ◽

10.1109/jsait.2021.3054598 ◽

2021 ◽

pp. 1-1

Author(s):

Alejandro Cohen ◽

Rafael G. L. DrOliveira ◽

Salman Salamatian ◽

Muriel Medard

Keyword(s):

Network Coding ◽

Quantum Cryptography ◽

Post Quantum Cryptography

Download Full-text

Post-Quantum Cryptography

10.1007/978-3-030-81293-5 ◽

2021 ◽

Keyword(s):

Quantum Cryptography ◽

Post Quantum Cryptography

Download Full-text

Unsettled Topics Concerning the Impact of Quantum Technologies on Automotive Cybersecurity

10.4271/epr2020026 ◽

2020 ◽

Author(s):

Joachim Taiber ◽

Keyword(s):

Quantum Computing ◽

Quantum Cryptography ◽

Research Report ◽

Quantum Computers ◽

Encrypted Data ◽

Automated Vehicle ◽

Vehicle Technologies ◽

Post Quantum Cryptography ◽

Vehicle Sensors ◽

The Impact

Quantum computing is considered the “next big thing” when it comes to solving computational problems impossible to tackle using conventional computers. However, a major concern is that quantum computers could be used to crack current cryptographic schemes designed to withstand traditional cyberattacks. This threat also impacts future automated vehicles as they become embedded in a vehicle-to-everything (V2X) ecosystem. In this scenario, encrypted data is transmitted between a complex network of cloud-based data servers, vehicle-based data servers, and vehicle sensors and controllers. While the vehicle hardware ages, the software enabling V2X interactions will be updated multiple times. It is essential to make the V2X ecosystem quantum-safe through use of “post-quantum cryptography” as well other applicable quantum technologies. This SAE EDGE™ Research Report considers the following three areas to be unsettled questions in the V2X ecosystem: How soon will quantum computing pose a threat to connected and automated vehicle technologies? What steps and measures are needed to make a V2X ecosystem “quantum-safe?” What standardization is needed to ensure that quantum technologies do not pose an unacceptable risk from an automotive cybersecurity perspective?

Download Full-text