International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

A Side-Channel Attack on a Masked IND-CCA Secure Saber KEM Implementation

Authors:
Kalle Ngo , KTH Royal Institute of Technology, Stockholm, Sweden
Elena Dubrova , KTH Royal Institute of Technology, Stockholm, Sweden
Qian Guo , Lund University (LTH), Lund, Sweden
Thomas Johansson , Lund University (LTH), Lund, Sweden
Download:
DOI: 10.46586/tches.v2021.i4.676-707
URL: https://tches.iacr.org/index.php/TCHES/article/view/9079
Search ePrint
Search Google
Abstract: In this paper, we present a side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network created at the profiling stage. The proposed message recovery approach learns a higher-order model directly, without explicitly extracting random masks at each execution. This eliminates the need for a fully controllable profiling device which is required in previous attacks on masked implementations of LWE/LWR-based PKEs/KEMs. We also present a new secret key recovery approach based on maps from error-correcting codes that can compensate for some errors in the recovered message. In addition, we discovered a previously unknown leakage point in the primitive for masked logical shifting on arithmetic shares.
Video from TCHES 2021
BibTeX
@article{tches-2021-31330,
  title={A Side-Channel Attack on a Masked IND-CCA Secure Saber KEM Implementation},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2021, Issue 4},
  pages={676-707},
  url={https://tches.iacr.org/index.php/TCHES/article/view/9079},
  doi={10.46586/tches.v2021.i4.676-707},
  author={Kalle Ngo and Elena Dubrova and Qian Guo and Thomas Johansson},
  year=2021
}