NewHope二項式抽樣模板攻擊

Abstract

NewHope是一個被看好極有可能成為未來後量子密碼系統的演算法。在分析它抵禦量子電腦攻擊的安全性之餘，密碼系統實作的安全性也是一項重要的議題。本論文中，我們首先分析NewHope演算法中可能成為旁通道分析目標的模組。接著，我們針對其二項式抽樣的實作進行旁通道模板攻擊。實驗的結果顯示出攻擊者可以從單一次的功率消耗波形中，以100\%的成功率分析出二項式抽樣出的秘密參數。

The NewHope cryptosystem is a promising candidate for the future post-quantum cryptography standard. Besides its security against the attacks from quantum and classical computers, the side-channel security is also an important issue to the implementation of a cryptosystem. In this thesis, we first evaluate the potential side-channel vulnerabilities in the NewHope cryptosystem. Then, a template attack is presented, which can reveal the secret information generated by the Binomial Sampling Function and compromise the security of the cryptosystem. The result shows a 100% success rate of recovering the secrets by only using a single side-channel power consumption trace.