Assessing the Feasibility of Single Trace Power Analysis of Frodo

Lattice-based schemes are among the most promising post-quantum schemes, yet the effect of both parameter and implementation choices on their side-channel resilience is still poorly understood. Aysu et al. (HOST’18) recently investigated single-trace attacks against the core lattice operation, namely multiplication between a public matrix and a “small” secret vector, in the context of a hardware implementation. We complement this work by considering single-trace attacks against software implementations of “ring-less” LWE-based constructions.
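To make the target operation concrete, the following is an added toy model, not code from the paper or from any Frodo implementation: a public matrix A times a "small" secret vector s modulo q, computed with the schoolbook loop a software implementation would use, together with a noise-free Hamming-weight leakage of every intermediate product a_ij * s_j and a template-style recovery of s from that single simulated trace. The modulus, dimensions, secret range, 16-bit word size and Hamming-weight model are assumptions chosen for illustration. The point it shows is why a small secret matters: each coefficient admits only a handful of candidate values, and because a_ij is public, the attacker can predict the leakage of every candidate and compare it against the one observed trace.

```python
"""Toy model of the operation the abstract singles out: public matrix A times a
"small" secret vector s, as in ring-less LWE (Frodo-style).  Added example, not the
paper's code.  Parameters and the leakage model are assumptions for illustration."""
import random

Q = 1 << 15                     # assumption: Frodo-like power-of-two modulus
N_COLS = 8                      # length of the secret vector (toy size)
N_ROWS = 8                      # rows of A, i.e. LWE samples per secret coefficient
SECRET_RANGE = range(-3, 4)     # assumption: "small" coefficients drawn from [-3, 3]
WORD_BITS = 16                  # assumption: 16-bit words in the software implementation


def hamming_weight(x, bits=WORD_BITS):
    """Hamming weight of the low `bits` bits of x (the usual software leakage model)."""
    return bin(x & ((1 << bits) - 1)).count("1")


def matvec(A, s, q=Q):
    """A*s mod q with the schoolbook loop a software implementation would use."""
    return [sum(a * sj for a, sj in zip(row, s)) % q for row in A]


def simulated_trace(A, s, q=Q):
    """Noise-free Hamming-weight leakage of every intermediate product a_ij * s_j mod q,
    in the order the schoolbook loop computes them (row-major).  Constructed, not measured."""
    return [hamming_weight((a * sj) % q) for row in A for a, sj in zip(row, s)]


def recover_secret_single_trace(A, trace, q=Q, candidates=SECRET_RANGE):
    """Template-style recovery from ONE trace: for each coefficient s_j, score every small
    candidate c by how well HW(a_ij * c mod q) predicts the observed leakage across all rows i.
    Returns (recovered_vector, number_of_coefficients_left_ambiguous_by_a_tie)."""
    n_rows, n_cols = len(A), len(A[0])
    recovered, ambiguous = [], 0
    for j in range(n_cols):
        observed = [trace[i * n_cols + j] for i in range(n_rows)]
        scores = {}
        for c in candidates:
            predicted = [hamming_weight((A[i][j] * c) % q) for i in range(n_rows)]
            scores[c] = sum((o - p) ** 2 for o, p in zip(observed, predicted))
        best = min(scores.values())
        winners = [c for c, sc in scores.items() if sc == best]
        if len(winners) > 1:          # two candidates explain the trace equally well
            ambiguous += 1
        recovered.append(winners[0])
    return recovered, ambiguous


def demo(seed=1):
    """Deterministic end-to-end run on a constructed instance: returns (s, recovered, ambiguous)."""
    rng = random.Random(seed)
    A = [[rng.randrange(Q) for _ in range(N_COLS)] for _ in range(N_ROWS)]
    s = [rng.choice(SECRET_RANGE) for _ in range(N_COLS)]
    trace = simulated_trace(A, s)
    recovered, ambiguous = recover_secret_single_trace(A, trace)
    return s, recovered, ambiguous


if __name__ == "__main__":
    s, recovered, ambiguous = demo()
    print("secret   ", s)
    print("recovered", recovered, "ambiguous coefficients:", ambiguous)
```

Each secret coefficient is attacked independently, with the N_ROWS products in its column acting as the "horizontal" samples that a single trace provides; with a real, noisy trace the per-candidate scores become likelihoods under a template, but the structure of the attack stays the same.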

[1] R. Schoelkopf et al. Superconducting Circuits for Quantum Information: An Outlook, 2013, Science.

[2] Peter Schwabe et al. Online template attacks, 2014, Journal of Cryptographic Engineering.

[3] Andreas Gerstlauer et al. Horizontal side-channel vulnerabilities of post-quantum key exchange protocols, 2018, IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[4] Chris Peikert et al. On Ideal Lattices and Learning with Errors over Rings, 2010, JACM.

[5] C. Pearce et al. Stochastic Resonance: From Suprathreshold Stochastic Resonance to Stochastic Signal Quantization, 2008.

[6] Oded Regev et al. On lattices, learning with errors, random linear codes, and cryptography, 2009, JACM.

[7] Moti Yung et al. A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version), 2009, IACR Cryptol. ePrint Arch.

[9] Craig Costello et al. Frodo: Take off the Ring! Practical, Quantum-Secure Key Exchange from LWE, 2016, IACR Cryptol. ePrint Arch.

[10] Damien Stehlé et al. Worst-case to average-case reductions for module lattices, 2014, Designs, Codes and Cryptography.

[11] Elisabeth Oswald et al. Towards Practical Tools for Side Channel Aware Software Engineering: 'Grey Box' Modelling for Instruction Leakages, 2017, USENIX Security Symposium.

[12] Alex Biryukov et al. Correlation Power Analysis of Lightweight Block Ciphers: From Theory to Practice, 2016, ACNS.

[13] Elisabeth Oswald et al. A Comprehensive Evaluation of Mutual Information Analysis Using a Fair Evaluation Framework, 2011, CRYPTO.

[14] Christof Paar et al. DPA on n-Bit Sized Boolean and Arithmetic Operations and Its Application to IDEA, RC6, and the HMAC-Construction, 2004, CHES.

[15] Pankaj Rohatgi et al. Template Attacks, 2002, CHES.

[16] John M. Martinis et al. State preservation by repetitive error detection in a superconducting quantum circuit, 2015, Nature.

[17] Martin R. Albrecht et al. On the concrete hardness of Learning with Errors, 2015, J. Math. Cryptol.