Open Access
A Side-Channel Attack on a Masked IND-CCA Secure Saber KEM Implementation
Author(s) -
Kalle Ngo,
Elena Dubrova,
Qian Guo,
Thomas Johansson
Publication year - 2021
Publication title -
IACR Transactions on Cryptographic Hardware and Embedded Systems
Language(s) - English
Resource type - Journals
ISSN - 2569-2925
DOI - 10.46586/tches.v2021.i4.676-707
Subject(s) - computer science , side channel attack , profiling (computer programming) , algorithm , theoretical computer science , computer network , cryptography , programming language
In this paper, we present a side-channel attack on a first-order masked implementation of the IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network trained at the profiling stage. The proposed message recovery approach learns a higher-order model directly, without explicitly extracting the random masks at each execution. This eliminates the need for a fully controllable profiling device, which previous attacks on masked implementations of LWE/LWR-based PKEs/KEMs required. We also present a new secret key recovery approach based on maps from error-correcting codes that can compensate for some errors in the recovered message. In addition, we discovered a previously unknown leakage point in the primitive for masked logical shifting on arithmetic shares.
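The abstract's central point is that a profiled model of the joint leakage of the shares recovers a masked value without the attacker ever learning the masks. The following simulation, added here as an illustration and not code from the paper, shows the mechanism on a first-order Boolean-masked message bit: a single leakage sample is uncorrelated with the bit, the centred product of two samples is correlated, and a profiled 2-D Gaussian template, built from traces with known messages only, classifies the bit because the class-conditional covariance of the two shares' leakage carries the secret even though the class means are identical. The Hamming-weight leakage model, the noise level and all trace counts are assumptions; the paper's neural network learns this kind of joint model non-parametrically from real traces.

```python
"""Illustration (not the paper's code): why a profiled model of the joint
leakage of two shares recovers a masked bit without extracting the mask.
Leakage model, noise level and trace counts below are assumptions."""
import random
import statistics
from math import log

SIGMA = 0.3  # assumed Gaussian noise std-dev on each leakage sample


def masked_bit_trace(rng, m):
    """Leak a first-order Boolean-masked bit m = s1 ^ s2.
    Assumed model: each share leaks its value (Hamming weight of one bit)
    plus independent Gaussian noise, at two distinct sample points."""
    s1 = rng.getrandbits(1)
    s2 = s1 ^ m
    return (s1 + rng.gauss(0, SIGMA), s2 + rng.gauss(0, SIGMA))


def trace_set(rng, n):
    """Constructed data set: n random message bits and their simulated traces."""
    bits = [rng.getrandbits(1) for _ in range(n)]
    return bits, [masked_bit_trace(rng, m) for m in bits]


def pearson(xs, ys):
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5


def first_order_corr(bits, traces):
    """Correlation of the secret bit with one sample: ~0 under masking,
    because a single share is uniform and independent of the bit."""
    return pearson(bits, [t[0] for t in traces])


def second_order_corr(bits, traces):
    """Classical second-order DPA: centred product of the two samples."""
    c0 = statistics.fmean(t[0] for t in traces)
    c1 = statistics.fmean(t[1] for t in traces)
    return pearson(bits, [(t[0] - c0) * (t[1] - c1) for t in traces])


def fit_templates(bits, traces):
    """Profiling with known messages only (no mask values): one 2-D Gaussian
    per class. The means coincide across classes; the covariance differs."""
    tmpl = {}
    for c in (0, 1):
        pts = [t for b, t in zip(bits, traces) if b == c]
        n = len(pts)
        mu0 = statistics.fmean(p[0] for p in pts)
        mu1 = statistics.fmean(p[1] for p in pts)
        c00 = sum((p[0] - mu0) ** 2 for p in pts) / n
        c11 = sum((p[1] - mu1) ** 2 for p in pts) / n
        c01 = sum((p[0] - mu0) * (p[1] - mu1) for p in pts) / n
        tmpl[c] = ((mu0, mu1), (c00, c01, c11))
    return tmpl


def log_lik(tmpl, t):
    """Log-likelihood of a 2-sample trace under a 2-D Gaussian template."""
    (mu0, mu1), (c00, c01, c11) = tmpl
    det = c00 * c11 - c01 * c01
    d0, d1 = t[0] - mu0, t[1] - mu1
    maha = (c11 * d0 * d0 - 2 * c01 * d0 * d1 + c00 * d1 * d1) / det
    return -0.5 * (maha + log(det))


def classify(tmpls, t):
    return max((0, 1), key=lambda c: log_lik(tmpls[c], t))


def attack_accuracy(tmpls, bits, traces):
    hits = sum(classify(tmpls, t) == b for b, t in zip(bits, traces))
    return hits / len(bits)


def demo(seed=1):
    """Profile on one trace set, attack another; return the three metrics."""
    rng = random.Random(seed)
    prof_bits, prof_traces = trace_set(rng, 5000)
    atk_bits, atk_traces = trace_set(rng, 2000)
    tmpls = fit_templates(prof_bits, prof_traces)
    return {
        "first_order_corr": first_order_corr(atk_bits, atk_traces),
        "second_order_corr": second_order_corr(atk_bits, atk_traces),
        "template_accuracy": attack_accuracy(tmpls, atk_bits, atk_traces),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.3f}")
```

The template phase never sees a mask value, only the plaintext bit, which is the setting the abstract describes; the noise parameter SIGMA controls how many traces the joint model needs, and at the chosen value a single trace already classifies the bit with high probability.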
