Source code for the research paper "Exploiting the Central Reduction in Lattice-Based Cryptography" (Cryptology ePrint Archive, Paper 2024/066).
This repository provides a set of tools to perform non-profiled side-channel analysis attacks against (masked) implementations of Lattice-Based Cryptography (LBC):

- `cw/victim`: A ChipWhisperer-based Kyber768 victim project.
  - A first-order masked Kyber768 victim project developed for the ChipWhisperer framework.
  - The victim contains only the polynomial multiplication part, so that non-profiled attacks can be practised on it.
  - The implementation is taken from uclcrypto/pqm4_masked at commit 5fe90ba. A modified version with Plantard reduction is obtained by integrating the Plantard arithmetic from pqm4 at commit 3743a66.
  - To build the victim, move it under `chipwhisperer/hardware/victims/firmware/`.
  - One can switch between Plantard and Montgomery reduction through defines (see `victim/makefile`). It is also possible to disable masking for experimental purposes.
- `cw/attack`: CPA and HOCPA against Kyber768 polynomial multiplication, and a lattice attack on top of the side-channel analysis results.
  - HOCPA against first-order masked Kyber768 (using the absolute-value prediction function).
  - The attack code is built on top of scared.
  - The lattice attack implements the one described in the paper and requires fpylll to run.
- `simulations`: HOCPA and optimal-correlation simulations for NTT-based polynomial multiplication in LBC under different scenarios.
  - Simulates the optimal correlation w.r.t. the coefficient modulus q, the reduction (central or non-central) and the machine word size.
  - Simulates the number of traces needed by second-order CPA in the above-mentioned scenarios.
When referring to this work in academic literature, please consider using the following BibTeX excerpt:
@misc{cryptoeprint:2024/066,
author = {Tolun Tosun and Amir Moradi and Erkay Savas},
title = {Exploiting the Central Reduction in Lattice-Based Cryptography},
howpublished = {Cryptology ePrint Archive, Paper 2024/066},
year = {2024},
note = {\url{https://eprint.iacr.org/2024/066}},
url = {https://eprint.iacr.org/2024/066}
}