TY - GEN
T1 - Security Assessment of NTRU Against Non-Profiled SCA
AU - Bettale, Luk
AU - Eynard, Julien
AU - Montoya, Simon
AU - Renault, Guénaël
AU - Strullu, Rémi
N1 - Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2023/1/1
Y1 - 2023/1/1
AB - NTRU was first introduced by J. Hoffstein, J. Pipher and J. H. Silverman in 1998. Its security, efficiency and compactness properties have been carefully studied for more than two decades. A key encapsulation mechanism (KEM) version was even submitted to the NIST standardization competition and made it to the final round. Even though it was not chosen as a new standard, NTRU remains a relevant, practical and trustworthy post-quantum cryptographic primitive. In this paper, we investigate the side-channel resistance of the NTRU Decrypt procedure. In contrast with previous works on side-channel analysis of NTRU, we consider a weak attacker model and focus on an implementation that incorporates some side-channel countermeasures. The attacker is assumed to be unable to mount powerful attacks, for instance by using templates or by forging malicious ciphertexts. In this context, we show how a non-profiled side-channel analysis can be carried out against a core operation of NTRU decryption. Despite the considered countermeasures and the weak attacker model, our experiments show that the secret key can be fully retrieved with a few tens of traces.
KW - NTRU
KW - Non-profiled SCA
KW - Post-Quantum Cryptography
UR - https://www.scopus.com/pages/publications/85148048685
U2 - 10.1007/978-3-031-25319-5_13
DO - 10.1007/978-3-031-25319-5_13
M3 - Conference contribution
AN - SCOPUS:85148048685
SN - 9783031253188
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 248
EP - 268
BT - Smart Card Research and Advanced Applications - 21st International Conference, CARDIS 2022, Revised Selected Papers
A2 - Buhan, Ileana
A2 - Schneider, Tobias
PB - Springer Science and Business Media Deutschland GmbH
T2 - 21st International Conference on Smart Card Research and Advanced Applications, CARDIS 2022
Y2 - 7 November 2022 through 9 November 2022
ER -