Paper 2021/902

Breaking Masked and Shuffled CCA Secure Saber KEM by Power Analysis

Kalle Ngo, Elena Dubrova, and Thomas Johansson

Abstract

In this paper, we show that a software implementation of CCA secure Saber KEM protected by first-order masking and shuffling can be broken by deep learning-based power analysis. Using an ensemble of deep neural networks created at the profiling stage, we can recover the session key and the long-term secret key from $257 \times N$ and $24 \times 257 \times N$ traces, respectively, where $N$ is the number of repetitions of the same measurement. The value of $N$ depends on the implementation, environmental factors, acquisition noise, etc.; in our experiments $N = 10$ is enough to succeed. The neural networks are trained on a combination of 80% of traces from the profiling device with a known shuffling order and 20% of traces from the device under attack captured for all-0 and all-1 messages. ``Spicing'' the training set with traces from the device under attack helps minimize the negative effect of device variability.

Note: Section 8 is extended and improved.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Public-key cryptographypost-quantum cryptographySaber KEMLWELWR-based KEMside-channel attackpower analysis
Contact author(s)
dubrova @ kth se
History
2021-07-22: revised
2021-07-05: received
See all versions
Short URL
https://ia.cr/2021/902
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2021/902,
      author = {Kalle Ngo and Elena Dubrova and Thomas Johansson},
      title = {Breaking Masked and Shuffled CCA Secure Saber KEM by Power Analysis},
      howpublished = {Cryptology ePrint Archive, Paper 2021/902},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/902}},
      url = {https://eprint.iacr.org/2021/902}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.