Exposing Side-Channel Leakage of SEAL Homomorphic Encryption Library

This paper reveals a new side-channel leakage in the Microsoft SEAL homomorphic encryption library. The proposed attack exploits the leakage of ternary value assignments made during the Number Theoretic Transform (NTT) sub-routine. Notably, the attack can steal the secret key coefficients from a single power or electromagnetic measurement trace. To achieve high accuracy with a single trace, we build a novel machine-learning-based side-channel profiler. Moreover, we implement a defense based on random delay insertion to mitigate the shown leakage. The results on an ARM Cortex-M4F processor show that our attack extracts secret key coefficients with 98.3% accuracy, and that the random delay insertion defense does not reduce the success rate of our attack.
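The following toy simulation is an added illustration of why a ternary secret key is a natural single-trace target; it is not code from the paper and not Microsoft SEAL's implementation, and it does not reproduce the paper's machine-learning profiler. It assumes two things the abstract does not state: that a ternary coefficient s in {-1, 0, 1} is stored reduced modulo a large word-sized modulus q, so the three classes become the unsigned words {q-1, 0, 1}, and a Hamming-weight leakage model in which the device leaks HW(word) plus Gaussian noise each time a word is assigned. The modulus, noise levels and nearest-template classifier are illustrative choices.

```python
"""Toy simulation: why ternary NTT inputs leak their value when assigned.

Added illustration only (not the paper's code, not SEAL's). Assumptions:
  (a) ternary s in {-1, 0, 1} is stored reduced mod q, i.e. as {q-1, 0, 1};
  (b) Hamming-weight leakage: each assignment leaks HW(word) + Gaussian noise.
"""
import random

# 60-bit modulus of the size SEAL uses for RLWE coefficient moduli
# (illustrative value; any large odd q gives the same qualitative picture).
Q = (1 << 60) - (1 << 14) + 1

TERNARY = (-1, 0, 1)


def to_word(s: int, q: int = Q) -> int:
    """Store a ternary coefficient as a mod-q implementation does: in [0, q)."""
    return s % q  # -1 -> q-1 (many bits set), 0 -> 0, 1 -> 1


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def leak(word: int, sigma: float, rng: random.Random) -> float:
    """One leakage sample for assigning `word`: HW model plus Gaussian noise."""
    return hamming_weight(word) + rng.gauss(0.0, sigma)


def simulate_trace(key, sigma, rng, q=Q):
    """Per-coefficient leakage of loading the NTT input vector (one trace)."""
    return [leak(to_word(s, q), sigma, rng) for s in key]


def profile(sigma, n_per_class, rng, q=Q):
    """Profiling phase on a device we control: mean leakage per ternary class."""
    templates = {}
    for s in TERNARY:
        samples = [leak(to_word(s, q), sigma, rng) for _ in range(n_per_class)]
        templates[s] = sum(samples) / n_per_class
    return templates


def recover_key(trace, templates):
    """Attack phase: nearest-template class for each coefficient's sample."""
    return [min(templates, key=lambda s: abs(x - templates[s])) for x in trace]


def run_attack(n=4096, sigma=0.3, seed=1, q=Q):
    """Profile, then recover one simulated secret key from a single trace.

    Returns (overall accuracy, {ternary class: accuracy}).
    """
    rng = random.Random(seed)
    templates = profile(sigma, 2000, rng, q)
    key = [rng.choice(TERNARY) for _ in range(n)]   # victim's ternary secret key
    trace = simulate_trace(key, sigma, rng, q)       # the single measurement
    guess = recover_key(trace, templates)
    hits = {s: 0 for s in TERNARY}
    counts = {s: 0 for s in TERNARY}
    for g, s in zip(guess, key):
        counts[s] += 1
        hits[s] += int(g == s)
    per_class = {s: hits[s] / counts[s] for s in TERNARY}
    return sum(hits.values()) / n, per_class


if __name__ == "__main__":
    for s in TERNARY:
        print(f"s={s:2d} -> stored word has HW {hamming_weight(to_word(s))}")
    for sigma in (0.05, 0.3, 2.0):
        overall, per_class = run_attack(sigma=sigma)
        print(f"sigma={sigma}: overall {overall:.3f}, per class {per_class}")
```

The point the simulation makes is structural: the word for -1 has dozens of bits set while 0 and 1 differ by a single bit, so a profiled classifier separates -1 from the rest even under heavy noise, and the hard part of the attack is telling 0 from 1. A real measurement has many samples per assignment rather than one, which is what a trained profiler exploits.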
