Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/665
Full metadata record
DC field: value (language)
dc.contributor.advisor: 鄭振牟
dc.contributor.author: CHUN-YU PENG (en)
dc.contributor.author: 彭俊又 (zh_TW)
dc.date.accessioned: 2021-05-11T04:54:31Z
dc.date.available: 2019-08-20
dc.date.available: 2021-05-11T04:54:31Z
dc.date.copyright: 2019-08-20
dc.date.issued: 2019
dc.date.submitted: 2019-08-13
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/handle/123456789/665
dc.description.abstract: NewHope is an algorithm regarded as highly likely to become a future post-quantum cryptosystem. Beyond analyzing its security against attacks by quantum computers, the security of the cryptosystem's implementation is also an important issue. In this thesis, we first analyze the modules in the NewHope algorithm that could become targets of side-channel analysis. We then carry out a side-channel template attack on its implementation of binomial sampling. The experimental results show that an attacker can recover the secret parameters produced by binomial sampling from a single power consumption trace with a 100% success rate. (zh_TW)
dc.description.abstract: The NewHope cryptosystem is a promising candidate for the future post-quantum cryptography standard. Besides its security against attacks from quantum and classical computers, side-channel security is also an important issue for the implementation of a cryptosystem. In this thesis, we first evaluate the potential side-channel vulnerabilities in the NewHope cryptosystem. Then, a template attack is presented, which can reveal the secret information generated by the Binomial Sampling Function and compromise the security of the cryptosystem. The result shows a 100% success rate of recovering the secrets using only a single side-channel power consumption trace. (en)
dc.description.provenance: Made available in DSpace on 2021-05-11T04:54:31Z (GMT). No. of bitstreams: 1. ntu-108-R06943082-1.pdf: 2476210 bytes, checksum: 210ed3684ab7bcd286186fabacbdb76c (MD5). Previous issue date: 2019 (en)
dc.description.tableofcontents:
1 Introduction
1.1 NIST PQC Standardization Project
1.2 Roadmap
2 NewHope
2.1 Preliminaries
2.1.1 Mathematical background
2.1.2 Ring Learning with Errors
2.2 Algorithm Description
2.2.1 Key Generation
2.2.2 Encapsulation
2.2.3 Decapsulation
3 Side-Channel Analysis and Template Attack
3.1 Side-Channel Analysis
3.2 Leakage Assessment Techniques
3.2.1 Test Vector Leakage Assessment
3.2.2 Signal-to-Noise Ratio
3.2.3 Normalized Inter-Class Variance
3.3 Template Attack
3.3.1 Point of Interest Selection
3.3.2 Principal Component Analysis
3.3.3 Linear Discriminant Analysis
3.3.4 PCA vs. LDA
4 Side-Channel Evaluation on NewHope
4.1 Side-Channel Evaluation on the modules
4.2 Related Works
4.3 Evaluation on the Binomial Sampling Function
5 Experiment
5.1 Experiment Setup
5.2 Leakage Assessment on the Binomial Sampling Function
5.3 Template Attack on the Binomial Sampling Function
5.3.1 POI-based Template Attack
5.3.2 LDA-Based Template Attack
5.3.3 Discussion
5.3.4 Mitigation
6 Conclusion
Reference
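dc.language.iso: en
dc.title: Template Attack on NewHope Binomial Sampling (zh_TW)
dc.title: A Template Attack on Binomial Sampling in NewHope (en)
dc.date.schoolyear: 107-2
dc.description.degree: Master's
dc.contributor.oralexamcommittee: 楊柏因, 洪維志
dc.subject.keyword: NewHope, post-quantum cryptography, side-channel analysis, template attack (zh_TW)
dc.subject.keyword: NewHope, PQC, Side-Channel Analysis, Template Attack (en)
dc.relation.page: 39
dc.identifier.doi: 10.6342/NTU201903050
dc.rights.note: Authorization granted (open access worldwide)
dc.date.accepted: 2019-08-13
dc.contributor.author-college: College of Electrical Engineering and Computer Science (zh_TW)
dc.contributor.author-dept: Graduate Institute of Electronics Engineering (zh_TW)
Appears in collection: Graduate Institute of Electronics Engineering

Files in this item:
File, size, format
ntu-108-1.pdf, 2.42 MB, Adobe PDF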