Paper 2023/142
On the Feasibility of Single-Trace Attacks on the Gaussian Sampler using a CDT
Abstract
We present a single-trace attack against lattice-based KEMs using the cumulative distribution table for Gaussian sampling and execute it in a real-world environment. Our analysis takes a single power trace of the decapsulation algorithm as input and exploits leakage of the Gaussian sampling subroutine to reveal the session key. We investigated the feasibility of the attack on different boards and proved that the power consumption traces become less informative with higher clock frequencies. Therefore, we introduce a machine-learning denoising technique, which enhances the accuracy of our attack and leverages its success rate to 100%. We accomplish the attack on FrodoKEM, a lattice-based KEM and third-round alternate candidate. We execute it on a Cortex-M4 board equipped with an STM32F4 micro-controller clocked at different frequencies.
Metadata
- Available format(s)
-
PDF
- Category
- Applications
- Publication info
- Preprint.
- Keywords
- FrodoKEMGaussian samplerMachine-LearningPost-quantum cryptographyPower analysisSide-channel analysis
- Contact author(s)
-
soundes marzougui @ tu-berlin de
kabin @ ihp-microelectronics com
juliane kraemer @ ur de
thomas aulbach @ ur de
Jean-Pierre Seifert @ external telekom de - History
- 2023-02-15: approved
- 2023-02-06: received
- See all versions
- Short URL
- https://ia.cr/2023/142
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/142,
author = {Soundes Marzougui and Ievgan Kabin and Juliane Krämer and Thomas Aulbach and Jean-Pierre Seifert},
title = {On the Feasibility of Single-Trace Attacks on the Gaussian Sampler using a {CDT}},
howpublished = {Cryptology {ePrint} Archive, Paper 2023/142},
year = {2023},
url = {https://eprint.iacr.org/2023/142}
}
