Please use this Handle URI to cite this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/665
Full metadata record
DC field | Value | Language |
---|---|---|
dc.contributor.advisor | 鄭振牟 | |
dc.contributor.author | CHUN-YU PENG | en |
dc.contributor.author | 彭俊又 | zh_TW |
dc.date.accessioned | 2021-05-11T04:54:31Z | - |
dc.date.available | 2019-08-20 | |
dc.date.available | 2021-05-11T04:54:31Z | - |
dc.date.copyright | 2019-08-20 | |
dc.date.issued | 2019 | |
dc.date.submitted | 2019-08-13 | |
dc.identifier.citation | [1] G. Alagic, J. Alperin-Sheriff, D. Apon, D. Cooper, Q. Dang, Y.-K. Liu, C. Miller, D. Moody, R. Peralta, et al. Status Report on the First Round of the NIST Post-Quantum Cryptography Standardization Process. US Department of Commerce, National Institute of Standards and Technology, 2019.
[2] E. Alkim, L. Ducas, T. Pöppelmann, and P. Schwabe. NewHope without reconciliation. IACR Cryptology ePrint Archive, 2016:1157, 2016.
[3] E. Alkim, L. Ducas, T. Pöppelmann, and P. Schwabe. Post-quantum key exchange: a new hope. In 25th USENIX Security Symposium (USENIX Security 16), pages 327–343, 2016.
[4] C. Archambeau, E. Peeters, F.-X. Standaert, and J.-J. Quisquater. Template attacks in principal subspaces. In International Workshop on Cryptographic Hardware and Embedded Systems, pages 1–14. Springer, 2006.
[5] A. Bauer, H. Gilbert, G. Renault, and M. Rossi. Assessment of the key-reuse resilience of NewHope. In Cryptographers' Track at the RSA Conference, pages 272–292. Springer, 2019.
[6] S. Bhasin, J.-L. Danger, S. Guilley, and Z. Najm. NICV: normalized inter-class variance for detection of side-channel leakage. In 2014 International Symposium on Electromagnetic Compatibility, Tokyo, pages 310–313. IEEE, 2014.
[7] S. Chari, J. R. Rao, and P. Rohatgi. Template attacks. In International Workshop on Cryptographic Hardware and Embedded Systems, pages 13–28. Springer, 2002.
[8] L. Chen, S. Jordan, Y.-K. Liu, D. Moody, R. Peralta, R. Perlner, and D. Smith-Tone. Report on post-quantum cryptography. US Department of Commerce, National Institute of Standards and Technology, 2016.
[9] O. Choudary and M. G. Kuhn. Efficient template attacks. In International Conference on Smart Card Research and Advanced Applications, pages 253–270. Springer, 2013.
[10] C. Clavier, D. Marion, and A. Wurcker. Simple power analysis on AES key expansion revisited. In International Workshop on Cryptographic Hardware and Embedded Systems, pages 279–297. Springer, 2014.
[11] G. Goodwill, B. Jun, J. Jaffe, and P. Rohatgi. A testing methodology for side-channel resistance validation. In NIST Non-Invasive Attack Testing Workshop, volume 7, pages 115–136, 2011.
[12] M. J. Kannwischer, J. Rijneveld, P. Schwabe, and K. Stoffelen. PQM4: Post-quantum crypto library for the ARM Cortex-M4. https://github.com/mupq/pqm4.
[13] P. Kocher, J. Jaffe, and B. Jun. Differential power analysis. In Annual International Cryptology Conference, pages 388–397. Springer, 1999.
[14] V. Lyubashevsky, C. Peikert, and O. Regev. On ideal lattices and learning with errors over rings. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 1–23. Springer, 2010.
[15] S. Mangard, E. Oswald, and T. Popp. Power Analysis Attacks: Revealing the Secrets of Smart Cards, volume 31. Springer Science & Business Media, 2008.
[16] T. Oder, T. Schneider, T. Pöppelmann, and T. Güneysu. Practical CCA2-secure and masked Ring-LWE implementation. IACR Transactions on Cryptographic Hardware and Embedded Systems, pages 142–174, 2018.
[17] C. O'Flynn and Z. Chen. Synchronous sampling and clock recovery of internal oscillators for side channel analysis and fault injection. Journal of Cryptographic Engineering, 5(1):53–69, 2015.
[18] C. O'Flynn and Z. D. Chen. ChipWhisperer: An open-source platform for hardware embedded security research. In International Workshop on Constructive Side-Channel Analysis and Secure Design, pages 243–260. Springer, 2014.
[19] A. Park and D.-G. Han. Chosen ciphertext simple power analysis on software 8-bit implementation of Ring-LWE encryption. In 2016 IEEE Asian Hardware-Oriented Security and Trust (AsianHOST), pages 1–6. IEEE, 2016.
[20] T. Pöppelmann, E. Alkim, R. Avanzi, J. Bos, L. Ducas, A. de la Piedra, P. Schwabe, and D. Stebila. NewHope. NIST submissions, 2017.
[21] R. Primas, P. Pessl, and S. Mangard. Single-trace side-channel attacks on masked lattice-based encryption. In International Conference on Cryptographic Hardware and Embedded Systems, pages 513–533. Springer, 2017.
[22] O. Regev. On lattices, learning with errors, random linear codes, and cryptography. Journal of the ACM (JACM), 56(6):34, 2009.
[23] M.-J. O. Saarinen. Arithmetic coding and blinding countermeasures for Ring-LWE. IACR Cryptology ePrint Archive, 2016:276, 2016. | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/handle/123456789/665 | - |
dc.description.abstract | NewHope is an algorithm widely expected to become part of the future post-quantum cryptographic standard. Besides analysing its security against quantum-computer attacks, the security of the cryptosystem's implementation is also an important issue. In this thesis, we first analyse the modules of the NewHope algorithm that may become targets of side-channel analysis. We then carry out a side-channel template attack on its binomial sampling implementation. The experimental results show that an attacker can recover the secret parameters produced by the binomial sampler from a single power consumption trace with a 100% success rate. | zh_TW |
dc.description.abstract | The NewHope cryptosystem is a promising candidate for the future post-quantum cryptography standard. Besides its security against attacks by quantum and classical computers, side-channel security is also an important issue for the implementation of a cryptosystem. In this thesis, we first evaluate the potential side-channel vulnerabilities in the NewHope cryptosystem. Then a template attack is presented which reveals the secret information generated by the binomial sampling function and thereby compromises the security of the cryptosystem. The result shows a 100% success rate in recovering the secrets using only a single side-channel power consumption trace. | en |
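As an added illustration of the attack class named in the abstract (this is not code from the thesis, whose implementation is not reproduced on this page), the Python below simulates a single-trace template attack on a NewHope-style centered binomial sampler ψ_8. Everything about the target is an assumption constructed for the example: the sampler draws a coefficient as the popcount of 8 random bits minus the popcount of another 8 bits; the leakage model is that each bit-extraction step `(t >> j) & 1` leaks the extracted bit plus Gaussian noise at one fixed sample index (`POI_OF_BIT`); the attacker profiles the device with known inputs, selects points of interest by SNR, builds a univariate Gaussian template per bit position and bit value, and classifies one attack trace. The noise level `sigma`, the trace length and the POI positions are made up, so the success rates it prints describe this simulation only, not the thesis's measurements.

```python
"""Simulated single-trace template attack on a centered binomial sampler.

Added example, not the thesis's code. Assumed leakage model: every bit
extracted by the sampler's popcount loop leaks its 0/1 value, plus Gaussian
noise, at a fixed sample index of the power trace.
"""
import math
import random
import statistics

K = 8                       # NewHope samples from the centered binomial psi_8
N_BITS = 2 * K              # 16 random bits per coefficient
TRACE_LEN = 40              # constructed: samples per simulated trace
POI_OF_BIT = [2 + 2 * j for j in range(N_BITS)]   # constructed: where bit j leaks


def binomial_sample(rnd16):
    """psi_8 sample: popcount(low 8 bits) - popcount(high 8 bits), in -8..8."""
    bits = [(rnd16 >> j) & 1 for j in range(N_BITS)]
    return sum(bits[:K]) - sum(bits[K:]), bits


def simulate_trace(bits, sigma, rng):
    """Assumed leakage: each (t >> j) & 1 step adds its bit to one noisy sample."""
    trace = [rng.gauss(0.0, sigma) for _ in range(TRACE_LEN)]
    for j, bit in enumerate(bits):
        trace[POI_OF_BIT[j]] += bit
    return trace


def collect(n, sigma, rng):
    """n (coefficient, bits, trace) triples, each from a fresh 16-bit random word."""
    out = []
    for _ in range(n):
        coeff, bits = binomial_sample(rng.getrandbits(N_BITS))
        out.append((coeff, bits, simulate_trace(bits, sigma, rng)))
    return out


def snr(values_by_class):
    """Signal-to-noise ratio: variance of the class means over mean within-class variance."""
    means = [statistics.fmean(v) for v in values_by_class]
    noise = statistics.fmean([statistics.pvariance(v) for v in values_by_class])
    return statistics.pvariance(means) / (noise + 1e-12)


def select_pois(profiling):
    """For every bit position pick the trace sample with the highest SNR for that bit."""
    pois = []
    for j in range(N_BITS):
        best = max(range(TRACE_LEN), key=lambda s: snr(
            [[t[s] for _, bits, t in profiling if bits[j] == c] for c in (0, 1)]))
        pois.append(best)
    return pois


def build_templates(profiling, pois):
    """Univariate Gaussian template (mean, variance) per bit position and bit value."""
    templates = []
    for j, s in enumerate(pois):
        per_class = []
        for c in (0, 1):
            xs = [t[s] for _, bits, t in profiling if bits[j] == c]
            per_class.append((statistics.fmean(xs), statistics.pvariance(xs) + 1e-9))
        templates.append(per_class)
    return templates


def attack_trace(trace, pois, templates):
    """Single trace: maximum-likelihood bit at each POI, then rebuild the coefficient."""
    bits = []
    for j, s in enumerate(pois):
        x = trace[s]
        loglik = [-(x - mu) ** 2 / (2 * var) - 0.5 * math.log(var)
                  for mu, var in templates[j]]
        bits.append(1 if loglik[1] > loglik[0] else 0)
    return sum(bits[:K]) - sum(bits[K:])


def run_attack(sigma, n_profile=500, n_attack=200, seed=1):
    """Profile on n_profile known traces, then attack n_attack fresh single traces."""
    rng = random.Random(seed)
    profiling = collect(n_profile, sigma, rng)
    pois = select_pois(profiling)
    templates = build_templates(profiling, pois)
    hits = sum(attack_trace(t, pois, templates) == coeff
               for coeff, _, t in collect(n_attack, sigma, rng))
    return {"pois": pois, "success_rate": hits / n_attack}


if __name__ == "__main__":
    for sigma in (0.1, 0.5, 1.0):
        r = run_attack(sigma)
        print(f"sigma={sigma}: single-trace coefficient recovery {r['success_rate']:.2f}")
```

Running it prints the single-trace recovery rate for three constructed noise levels; the rate is close to 1 at low noise and collapses as `sigma` grows, which is the check a practitioner should repeat on the real target before carrying a 100% figure from one board to another. The reason a single trace can suffice is visible in the model: a bit-serial popcount handles every one of the 16 random bits as a separate operand, so each bit gets its own leaking operation, and the secret coefficient is just their signed sum.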
dc.description.provenance | Made available in DSpace on 2021-05-11T04:54:31Z (GMT). No. of bitstreams: 1 ntu-108-R06943082-1.pdf: 2476210 bytes, checksum: 210ed3684ab7bcd286186fabacbdb76c (MD5) Previous issue date: 2019 | en |
dc.description.tableofcontents | 1 Introduction 1
1.1 NIST PQC Standardization Project 2
1.2 Roadmap 4
2 NewHope 5
2.1 Preliminaries 5
2.1.1 Mathematical background 5
2.1.2 Ring Learning with Errors 6
2.2 Algorithm Description 7
2.2.1 Key Generation 8
2.2.2 Encapsulation 8
2.2.3 Decapsulation 8
3 Side-Channel Analysis and Template Attack 11
3.1 Side-Channel Analysis 11
3.2 Leakage Assessment Techniques 12
3.2.1 Test Vector Leakage Assessment 12
3.2.2 Signal-to-Noise Ratio 13
3.2.3 Normalized Inter-Class Variance 13
3.3 Template Attack 14
3.3.1 Point of Interest Selection 17
3.3.2 Principal Component Analysis 17
3.3.3 Linear Discriminant Analysis 18
3.3.4 PCA vs. LDA 19
4 Side-Channel Evaluation on NewHope 21
4.1 Side-Channel Evaluation on the Modules 21
4.2 Related Works 23
4.3 Evaluation on the Binomial Sampling Function 24
5 Experiment 27
5.1 Experiment Setup 27
5.2 Leakage Assessment on the Binomial Sampling Function 28
5.3 Template Attack on the Binomial Sampling Function 29
5.3.1 POI-based Template Attack 29
5.3.2 LDA-based Template Attack 30
5.3.3 Discussion 31
5.3.4 Mitigation 33
6 Conclusion 35
References 37 | |
dc.language.iso | en | |
dc.title | Template Attack on Binomial Sampling in NewHope | zh_TW |
dc.title | A Template Attack on Binomial Sampling in NewHope | en |
dc.date.schoolyear | 107-2 | |
dc.description.degree | Master's | |
dc.contributor.oralexamcommittee | 楊柏因,洪維志 | |
dc.subject.keyword | NewHope, post-quantum cryptography, side-channel analysis, template attack | zh_TW |
dc.subject.keyword | NewHope, PQC, Side-Channel Analysis, Template Attack | en |
dc.relation.page | 39 | |
dc.identifier.doi | 10.6342/NTU201903050 | |
dc.rights.note | Authorization granted (open access worldwide) | |
dc.date.accepted | 2019-08-13 | |
dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
dc.contributor.author-dept | Graduate Institute of Electronics Engineering | zh_TW |
Appears in Collections: | Graduate Institute of Electronics Engineering |
Files in This Item:
File | Size | Format | |
---|---|---|---|
ntu-108-1.pdf | 2.42 MB | Adobe PDF | View/Open |
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.