A Scan-Based Side Channel Attack on the NTRUEncrypt Cryptosystem

Scan-based Design-for-Test (DFT) is a widely deployed technique for testing hardware chips. In this approach, all flip-flops in the design under test are connected into a scan chain so that their states can be shifted out serially during the test phase. Scan-based side channel attacks analyze the data shifted out of this chain in order to recover secret information from cryptographic hardware devices that are built with this testability feature. The NTRU encryption algorithm (NTRUEncrypt) is a parameterized family of lattice-based public key cryptosystems that has recently been accepted into the IEEE P1363 family of standards, under the specification for lattice-based public-key cryptography. In this paper, we present a scan-based side channel attack on NTRUEncrypt hardware implementations that employ scan-based DFT. Our attack determines the scan chain structure of the polynomial multiplication circuits used in the decryption algorithm, which allows the cryptanalyst to efficiently retrieve the secret key.
