Paper 2022/364

Single-trace clustering power analysis of the point-swapping procedure in the three point ladder of Cortex-M4 SIKE

Aymeric Genêt and Novak Kaluđerović

Abstract

In this paper, the recommended implementation of the post-quantum key exchange SIKE for Cortex-M4 is attacked through power analysis with a single trace by clustering with the $k$-means algorithm the power samples of all the invocations of the elliptic curve point swapping function in the constant-time coordinate-randomized three point ladder. Because each sample depends on whether two consecutive bits of the private key are the same or not, a successful clustering (with $k=2$) leads to the recovery of the entire private key. The attack is naturally improved with better strategies, such as clustering the samples in the frequency domain or processing the traces with a wavelet transform, using a simpler clustering algorithm based on thresholding, and using metrics to prioritize certain keys for key validation. The attack and the proposed improvements were experimentally verified using the ChipWhisperer framework. Splitting the swapping mask into multiple shares is suggested as an effective countermeasure.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. COSADE 2022
Keywords
SIKEside-channel analysispower analysisk-means clusteringsingle-trace attackpost-quantum key exchangeisogeny-based cryptographyARM Cortex-M4
Contact author(s)
aymeric genet @ epfl ch
novak kaluderovic @ epfl ch
History
2022-03-18: received
Short URL
https://ia.cr/2022/364
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/364,
      author = {Aymeric Genêt and Novak Kaluđerović},
      title = {Single-trace clustering power analysis of the point-swapping procedure in the three point ladder of Cortex-M4 SIKE},
      howpublished = {Cryptology ePrint Archive, Paper 2022/364},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/364}},
      url = {https://eprint.iacr.org/2022/364}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.