CryptoDB
Maire O’Neill
Publications
2025 (TCHES): HRaccoon: A High-performance Configurable SCA Resilient Raccoon Hardware Accelerator
Abstract
The lattice-based Raccoon scheme is one of the candidates in Round 1 of the National Institute of Standards and Technology (NIST) post-quantum cryptography (PQC) additional digital signatures standardization process. As a scheme with built-in masking features, Raccoon is also a viable candidate for NIST’s Masking Circuit and Threshold Cryptography project. Current Raccoon implementations are limited to software or software-hardware co-designs only and consequently lack the high throughput performance that hardware implementations can generally promise. To close this gap, we are the first to propose a configurable and high-performance pure hardware architecture for Raccoon. The proposed FPGA architecture features extensive optimizations in key modules of Raccoon such as the modular reduction, polynomial operations, and sampling. The segmentation and loop-based scheduling scheme interacts with the defined BRAM-based memory access pattern to ensure efficient and coherent data flow under the three security levels and two masking modes (non- and first-order masking). Implementation results of Raccoon on an AMD Artix-7 FPGA device show that our proposed architecture achieves a 1.4–2.1x speedup compared to software implementations and a 20–42x speedup compared to software-hardware co-designs for the three security levels, despite its hardware area being comparable to that of the lightweight CRYSTALS-Dilithium architecture. Finally, a TVLA test is demonstrated on Raccoon-128 with non-masking and first-order masking to evaluate its resilience to side-channel attacks.
2020 (TCHES): Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of side-channel countermeasures
Abstract
Deep learning (DL) has proven to be very effective for image recognition tasks, with a large body of research on various model architectures for object classification. Straightforward application of DL to side-channel analysis (SCA) has already shown promising success, with experimentation on open-source variable-key datasets showing that secret keys can be revealed with 100s of traces even in the presence of countermeasures. This paper aims to further improve the application of DL for SCA by enhancing the power of DL when targeting the secret key of cryptographic algorithms protected with SCA countermeasures. We propose a new model, a CNN-based model with Plaintext feature extension (CNNP), together with multiple convolutional filter kernel sizes and structures with deeper and narrower neural networks, which has empirically proven its effectiveness by outperforming reference profiling attack methods such as template attacks (TAs), convolutional neural networks (CNNs) and multilayer perceptron (MLP) models. Our model generates state-of-the-art results when attacking the ASCAD variable-key database, which has a restricted number of training traces per key, recovering the key within 40 attack traces in comparison with the order of 100s of traces required by straightforward machine learning (ML) application. During the profiling stage an attacker needs no additional knowledge of the implementation, such as the masking scheme or random mask values, only the ability to record the power consumption or electromagnetic field traces, plaintext/ciphertext and the key. Additionally, no heuristic pre-processing is required in order to break the high-order masking countermeasures of the target implementation.
Coauthors
- Yijun Cui (1)
- Neil Hanley (1)
- Anh-Tuan Hoang (1)
- Ayesha Khalid (1)
- Weiqiang Liu (1)
- Ziying Ni (1)
- Maire O’Neill (2)
- Zhaoyu Zhang (1)