Implementation Attacks on Post-Quantum Cryptographic Schemes

Post-quantum cryptographic schemes have been developed over the last decade in response to the rise of quantum computers. Fortunately, several schemes with quantum resistance have been developed. However, there has been very little effort to evaluate and compare these schemes in embedded settings. Low-cost embedded devices represent a highly constrained environment that challenges all post-quantum cryptographic schemes. Moreover, there have been even fewer efforts to evaluate the security of these schemes against implementation attacks, including side-channel and fault attacks. It is commonly accepted that any embedded cryptographic module built without a sound countermeasure can be easily broken. Therefore, we investigate the question: are we ready to implement post-quantum cryptographic schemes on embedded systems? We present an exhaustive survey of research efforts in designing embedded modules of post-quantum cryptographic schemes and of the efforts in securing these modules against implementation attacks. Unfortunately, the study shows that we are not yet ready to implement any post-quantum cryptographic scheme in practical embedded systems. A considerable amount of research still needs to be conducted before a satisfactory level of security is reached.
