Second-Order Side-Channel Attacks on Kyber: Targeting the Masked Hash Function
王亚琦 (1), 黄帆 (1), 段晓林 (1), 胡红钢 (2)
Author information
- 1. University of Science and Technology of China, CAS Key Laboratory of Electromagnetic Space Information, Hefei 230027
- 2. University of Science and Technology of China, CAS Key Laboratory of Electromagnetic Space Information, Hefei 230027; Hefei National Laboratory, Hefei 230088
Abstract (translated from the Chinese)
Recently, several side-channel attacks based on the plaintext-checking (PC) oracle have been proposed against Kyber. However, most of them target unprotected implementations, and masking is regarded as a countermeasure. This paper extends PC-oracle-based side-channel attacks to the second-order setting and mounts a successful key-recovery attack on first-order masked Kyber. First, the possibility of joint information leakage is analysed. Inspired by the binary PC-oracle attack proposed by Qin et al. at Asiacrypt 2021, a 1-bit leakage scenario is identified in the implementation of the masked hash function Keccak. The ciphertext construction of Tanaka et al. (CHES 2023) is then modified to extend the leakage scenario from 1 bit to 32 bits, and these leakage scenarios are validated experimentally with TVLA. Second, for these two scenarios, a binary PC oracle based on the t-test and a multi-valued PC oracle based on neural networks are constructed. With masked Kyber running on an ARM Cortex-M4 microcontroller, practical side-channel attacks on masked Kyber are carried out using the constructed oracles. In the 1-bit and 32-bit leakage scenarios, the proposed attacks need at least 15788 and 648 power traces, respectively, to fully recover the key of Kyber768. The analysis also extends to other post-quantum schemes that use the same masked hash function. Finally, a shuffling strategy is applied to the first-order masked implementation of Kyber and leakage tests are performed. Experimental results show that the combination of shuffling and masking effectively resists the proposed attacks.
Abstract
Recently, several PC oracle based side-channel attacks have been proposed against Kyber. However, most of them focus on unprotected implementations, and masking is considered as a countermeasure. In this study, we extend PC oracle based side-channel attacks to the second-order scenario and successfully conduct key-recovery attacks on the first-order masked Kyber. Firstly, we analyze the potential joint information leakage. Inspired by the binary PC oracle based attack proposed by Qin et al. at Asiacrypt 2021, we identify the 1-bit leakage scenario in the masked Keccak implementation. Moreover, we modify the ciphertext construction described by Tanaka et al. at CHES 2023, extending the leakage scenario from 1-bit to 32-bit. With the assistance of TVLA, we validate these leakages through experiments. Secondly, for these two scenarios, we construct a binary PC oracle based on the t-test and a multiple-valued PC oracle based on neural networks. Furthermore, we conduct practical side-channel attacks on masked Kyber by utilizing our oracles, with the implementation running on an ARM Cortex-M4 microcontroller. The demonstrated attacks require a minimum of 15788 and 648 traces to fully recover the key of Kyber768 in the 1-bit leakage scenario and the 32-bit leakage scenario, respectively. Our analysis may also be extended to attack other post-quantum schemes that use the same masked hash function. Finally, we apply the shuffling strategy to the first-order masked implementation of Kyber and perform leakage tests. Experimental results show that the combination strategy of shuffling and masking can effectively resist our proposed attacks.
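As an added illustration (not from the paper) of the joint leakage the abstract describes: on a constructed first-order Boolean-masked bit, a pointwise TVLA t-test finds nothing, while the same test on the centred product of the two share samples exceeds the usual 4.5 threshold. The sample positions, trace count and noise level are constructed assumptions, not the paper's measurements.

```python
import math
import random

TVLA_THRESHOLD = 4.5  # conventional |t| threshold for a TVLA leakage verdict

def welch_t(a, b):
    """Welch's t-statistic between two samples (one time index)."""
    na, nb = len(a), len(b)
    ma, mb = sum(a) / na, sum(b) / nb
    va = sum((x - ma) ** 2 for x in a) / (na - 1)
    vb = sum((x - mb) ** 2 for x in b) / (nb - 1)
    denom = math.sqrt(va / na + vb / nb)
    return 0.0 if denom == 0.0 else (ma - mb) / denom

def first_order_tvals(traces_a, traces_b):
    """Pointwise first-order t-test over two trace sets."""
    npts = len(traces_a[0])
    return [welch_t([t[i] for t in traces_a], [t[i] for t in traces_b])
            for i in range(npts)]

def second_order_tvals(traces_a, traces_b, i, j):
    """Second-order t-test on the centred product of samples i and j.
    Centring uses the pooled mean, so the combination step needs no labels."""
    pooled = traces_a + traces_b
    mi = sum(t[i] for t in pooled) / len(pooled)
    mj = sum(t[j] for t in pooled) / len(pooled)
    comb = lambda ts: [(t[i] - mi) * (t[j] - mj) for t in ts]
    return welch_t(comb(traces_a), comb(traces_b))

def simulate_masked_traces(n, bit, share0_idx, share1_idx, length=16,
                           sigma=1.0, seed=0):
    """Constructed traces of a first-order Boolean-masked bit: sample
    share0_idx leaks the random share r, share1_idx leaks bit XOR r,
    every other sample is pure Gaussian noise (hypothetical leakage model)."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n):
        r = rng.getrandbits(1)
        tr = [rng.gauss(0.0, sigma) for _ in range(length)]
        tr[share0_idx] += r
        tr[share1_idx] += bit ^ r
        traces.append(tr)
    return traces

def leakage_report(n=2000, s0=3, s1=9):
    """Returns (max first-order |t|, second-order |t|) for bit=0 vs bit=1."""
    zero = simulate_masked_traces(n, 0, s0, s1, seed=1)
    one = simulate_masked_traces(n, 1, s0, s1, seed=2)
    fo = max(abs(t) for t in first_order_tvals(zero, one))
    so = abs(second_order_tvals(zero, one, s0, s1))
    return fo, so
```

The centred product of the two share samples has mean +0.25 when the masked bit is 0 and -0.25 when it is 1, which is the joint leakage a first-order test cannot see; with 2000 traces per class the second-order t-value lands around 13.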
Keywords
side-channel attack / plaintext-checking oracle / post-quantum cryptography / masked Kyber / masked hash function
Publication year
2024