Novel Side-Channel Attacks on Quasi-Cyclic Code-Based Cryptography
2019.08.28
Bo-Yeon Sim 1,†, Jihoon Kwon 2, Kyu Young Choi 2, Jihoon Cho 2, Aesun Park 3,†, and Dong-Guk Han 1,3,†
1 Department of Mathematics, Kookmin University, Seoul, South Korea
2 Security Research Team, Samsung SDS, Inc., Seoul, South Korea
3 Department of Financial Information Security, Kookmin University, Seoul, South Korea
† SICADA (Side Channel Analysis Design Academy) Laboratory
Side Channel Analysis Design Academy 2019. 08. 28 Novel Side-Channel Attacks on Quasi-Cyclic Code-Based Cryptography
1. Related works
▣ PKC (Public Key Cryptosystem)
RSA, ECC: security rests on Factoring and Discrete Logarithms.
1994: Shor's algorithm (for quantum computation) [1] solves both on a Quantum Computer.
Hence Post-Quantum Cryptography: Lattice-based, Code-based, Multivariate, Hash-based, Isogeny, etc.
[1] Peter Williston Shor, "Algorithms for Quantum Computation: Discrete Logarithms and Factoring", SFCS 1994, pp. 124-134, 1994.
1. Related works
▣ PKC (Public Key Cryptosystem): NIST PQC standardization timeline
• February 24-26, 2016: PQCrypto 2016
• Dec 20, 2016: Formal Call for Proposals
• April 11-13, 2018: NIST First PQC Standardization Conference, co-located with PQCrypto 2018
• January 30, 2019: Second Round Candidates announced (26 algorithms)
• August 22-24, 2019: NIST Second PQC Standardization Conference
1. Related works
▣ PKC (Public Key Cryptosystem)
Post-Quantum Cryptography: Lattice-based, Code-based, Multivariate, Hash-based, Isogeny, etc.
Code-based: Goppa code, Reed-Solomon codes, MDPC codes, LDPC codes, ⋯
QC (Quasi-Cyclic) code: QC-LDPC code, QC-MDPC code
• Quasi-Cyclic code for saving memory (small key sizes)
1. Related works
▣ QC (Quasi-Cyclic) Code
Circulant matrix: every row is the cyclic shift of the row above it (rows: generator, generator ⋙ 1, ⋙ 2, ⋙ 3, ⋙ 4, ⋯).
The top row (or the leftmost column) of a circulant matrix is the generator of the circulant matrix.
Quasi-Cyclic matrix: $H = [H_0 \mid H_1]$ with $H_0$, $H_1$ circulant.
1. Related works
▣ QC (Quasi-Cyclic) Code
Syndrome computation $H \cdot c^{\top}$:
$H \cdot c^{\top} = [H_0 \mid H_1] \cdot \begin{pmatrix} c_0^{\top} \\ c_1^{\top} \end{pmatrix} = H_0 \cdot c_0^{\top} + H_1 \cdot c_1^{\top}$
1. Related works
▣ Constant-Time Multiplication for QC (Quasi-Cyclic) Code
Syndrome computation $H \cdot c^{\top}$
• 2014: Timing Attack (Simple Power Analysis)
• 2016: Constant-Time Implementation
Example $H_0 \cdot c_0^{\top}$ with the $5 \times 5$ circulant $H_0$ generated by the top row $(0\;1\;0\;0\;1)$, columns indexed $0, 1, 2, 3, 4$:
$H_0 = \begin{pmatrix} 0 & 1 & 0 & 0 & 1 \\ 1 & 0 & 1 & 0 & 0 \\ 0 & 1 & 0 & 1 & 0 \\ 0 & 0 & 1 & 0 & 1 \\ 1 & 0 & 0 & 1 & 0 \end{pmatrix}$
1. Related works
▣ Constant-Time Multiplication for QC (Quasi-Cyclic) Code
Syndrome computation $H \cdot c^{\top}$
The generator of $H_0$ has its 1s at positions 1 and 4, so the product is the sum of two cyclic rotations of $c_0$ (1-bit and 4-bit rotations $\lll$), entries $* \in \{0,1\}$:
$H_0 \cdot c_0^{\top} = (c_0 \lll 1)^{\top} + (c_0 \lll 4)^{\top}$
$(c_0 \lll 1)$ and $(c_0 \lll 4)$ are calculated by Constant-Time Multiplication.
1. Related works
▣ Constant-Time Multiplication for QC (Quasi-Cyclic) Code
Syndrome computation $H \cdot c^{\top}$, 8-bit word representation
$H_0$ is $s \times s$ and $c_0^{\top}$ is an $s$-bit column, indexed $0, 1, \ldots, s-1$ and stored in 8-bit words, each word $** \in \{0,1\}^8$.
A column of $H_0$ whose 1 is at position $e$ contributes the rotation of $c_0$ by $e$, carried out on the 8-bit words:
$H_0 \cdot c_0^{\top} = \cdots + (c_0 \lll e)^{\top} + \cdots$
1. Related works
▣ Constant-Time Multiplication for QC (Quasi-Cyclic) Code
Syndrome computation $H \cdot c^{\top}$: computing $c_0 \lll e$ on the 8-bit-word representation for $e = (e_7 e_6 e_5 e_4 e_3 e_2 e_1 e_0)_2 = (11101010)_2$.
The rotation by $e$ is decomposed into rotations by powers of two, one step per bit $e_i$. At every step both copies, $S_{\mathrm{unrotated}}$ and $S_{\mathrm{rotated}}$ (rotated $\ll$ by $2^i$ bits), are computed, and one of them is kept by AND-ing with a mask derived from $e_i$: for $e_i = 1$ the unrotated copy is masked with $\mathtt{0x00\cdots00}$ and the rotated copy with $\mathtt{0xff\cdots ff}$; for $e_i = 0$ the masks are swapped. No step branches on $e$.
• $e_7$: $2^7$ = 128-bit = 16-byte rotate $\ll$. $e_7 = 1$: $S_{\mathrm{unrotated}}\ \&\ \mathtt{0x00\cdots00}$, $S_{\mathrm{rotated}}\ \&\ \mathtt{0xff\cdots ff}$
• $e_6$: $2^6$ = 64-bit = 8-byte rotate $\ll$. $e_6 = 1$: $S_{\mathrm{unrotated}}\ \&\ \mathtt{0x00\cdots00}$, $S_{\mathrm{rotated}}\ \&\ \mathtt{0xff\cdots ff}$
• $e_5$: $2^5$ = 32-bit = 4-byte rotate $\ll$. $e_5 = 1$: $S_{\mathrm{unrotated}}\ \&\ \mathtt{0x00\cdots00}$, $S_{\mathrm{rotated}}\ \&\ \mathtt{0xff\cdots ff}$
• $e_4$: $2^4$ = 16-bit = 2-byte rotate $\ll$. $e_4 = 0$: $S_{\mathrm{unrotated}}\ \&\ \mathtt{0xff\cdots ff}$, $S_{\mathrm{rotated}}\ \&\ \mathtt{0x00\cdots00}$
• $e_3$: $2^3$ = 8-bit = 1-byte rotate $\ll$. $e_3 = 1$: $S_{\mathrm{unrotated}}\ \&\ \mathtt{0x00\cdots00}$, $S_{\mathrm{rotated}}\ \&\ \mathtt{0xff\cdots ff}$
The copy selected at each step is the input of the next step; after the last step the result is $c_0 \lll e$.
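Added example (my own C code, not code from the slides, from the 2014 or 2016 papers, or from any QC-MDPC library) that puts the preceding slides together: the quasi-cyclic syndrome $H_0 c_0^{\top} + H_1 c_1^{\top}$, the circulant product written as a sum of rotations of $c_0$ by the positions of the 1s in the generator, a rotation by a secret amount of the kind the 2014 timing attack exploits, and the mask-selected power-of-two rotation of the constant-time implementation. Assumptions of my own: the block length $r$ is at most 64 so that a vector fits a `uint64_t` (real parameters use byte arrays as on the 8-bit-word slides), the private key is passed as the list of positions of the 1s in the generator, and all function names (`rot`, `ct_rot`, `circ_mul_*`, `qc_syndrome_ct`) are mine. The $5 \times 5$ circulant with 1s at positions 1 and 4 is the slides' example; the other inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Vectors of r <= 64 bits live in a uint64_t; entry j of the vector is bit j.
 * Index conventions follow the slides:
 *   (c <<< k)[i] = c[(i + k) mod r]      H_0[i][j] = h[(j - i) mod r]
 * where h is the generator (top row) of the circulant H_0.                  */

static uint64_t rmask(unsigned r) {
    return r >= 64 ? ~0ULL : ((1ULL << r) - 1);
}

/* Cyclic rotation by k: result entry i = c entry (i + k) mod r.
 * Only safe for a PUBLIC k: the k % r and the k == 0 branch depend on k. */
static uint64_t rot(uint64_t c, unsigned k, unsigned r) {
    k %= r;
    if (k == 0) return c & rmask(r);
    return ((c >> k) | (c << (r - k))) & rmask(r);
}

static uint64_t parity64(uint64_t x) {
    x ^= x >> 32; x ^= x >> 16; x ^= x >> 8; x ^= x >> 4; x ^= x >> 2; x ^= x >> 1;
    return x & 1;
}

/* Reference: build every row of the circulant from its generator h and take
 * the GF(2) inner product with c, exactly as the 5x5 example on the slides. */
uint64_t circ_mul_naive(uint64_t h, uint64_t c, unsigned r) {
    uint64_t s = 0;
    for (unsigned i = 0; i < r; i++) {
        uint64_t row = rot(h, (r - i) % r, r);   /* row i = generator >>> i */
        s |= parity64(row & c) << i;
    }
    return s;
}

/* Rotation-sum form: H_0 c_0^T = XOR over the 1-positions k of h of (c_0 <<< k).
 * The key is the list of those positions (how QC-MDPC private keys are stored).
 * Feeding a SECRET position into rot() is the leak of the 2014 attack: the
 * shift amount decides the control flow (and, on a byte array, the addresses). */
uint64_t circ_mul_leaky(const unsigned *pos, unsigned w, uint64_t c, unsigned r) {
    uint64_t s = 0;
    for (unsigned t = 0; t < w; t++) s ^= rot(c, pos[t], r);
    return s;
}

/* Constant-time rotation by a secret e (0 <= e < r): one step per bit e_i,
 * rotating by the public amount 2^i; both the unrotated and the rotated copy
 * are computed and a mask made from e_i selects one, so neither control flow
 * nor memory access depends on e. Reducing 2^i mod r inside rot() keeps the
 * composition equal to a rotation by e.                                      */
uint64_t ct_rot(uint64_t c, unsigned e, unsigned r) {
    for (int i = 5; i >= 0; i--) {                   /* r <= 64: e has 6 bits */
        uint64_t rotated = rot(c, 1u << i, r);       /* S_rotated, public shift 2^i */
        uint64_t m = 0 - (uint64_t)((e >> i) & 1);   /* 0xff..ff if e_i = 1 else 0x00..00 */
        c = (rotated & m) | (c & ~m);                /* select without a branch */
    }
    return c;
}

uint64_t circ_mul_ct(const unsigned *pos, unsigned w, uint64_t c, unsigned r) {
    uint64_t s = 0;
    for (unsigned t = 0; t < w; t++) s ^= ct_rot(c, pos[t], r);
    return s;
}

/* Quasi-cyclic syndrome: H c^T = H_0 c_0^T + H_1 c_1^T (addition is XOR). */
uint64_t qc_syndrome_ct(const unsigned *pos0, unsigned w0, const unsigned *pos1, unsigned w1,
                        uint64_t c0, uint64_t c1, unsigned r) {
    return circ_mul_ct(pos0, w0, c0, r) ^ circ_mul_ct(pos1, w1, c1, r);
}

/* Self-check: ct_rot agrees with the plain rotation for every amount 0..r-1. */
int ct_rot_selftest(uint64_t c, unsigned r) {
    for (unsigned e = 0; e < r; e++)
        if (ct_rot(c, e, r) != rot(c, e, r)) return 0;
    return 1;
}

/* Constructed input: the slides' 5x5 circulant, generator (0 1 0 0 1), 1s at 1 and 4. */
static const unsigned SLIDE_KEY[] = {1, 4};
static const uint64_t SLIDE_C0 = 0x0D;               /* entries (1 0 1 1 0) */

int main(void) {
    uint64_t h = (1ULL << 1) | (1ULL << 4);
    printf("naive %llx  leaky %llx  ct %llx\n",
           (unsigned long long)circ_mul_naive(h, SLIDE_C0, 5),
           (unsigned long long)circ_mul_leaky(SLIDE_KEY, 2, SLIDE_C0, 5),
           (unsigned long long)circ_mul_ct(SLIDE_KEY, 2, SLIDE_C0, 5));
    printf("ct_rot self-test, r = 61: %s\n",
           ct_rot_selftest(0x0123456789ABCDEFULL & rmask(61), 61) ? "ok" : "FAIL");
    return 0;
}
```

With the slides' key and $c_0 = (1\,0\,1\,1\,0)$ all three products give the syndrome $(0\,0\,1\,1\,0)$; the constant-time path computes the same rotations as the leaky one, only selected by masks instead of by a data-dependent shift.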