Please use this Handle URI to cite this item: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/89858

Full metadata record (DC field: value (language))

dc.contributor.advisor: 王勝德 (zh_TW)
dc.contributor.advisor: Sheng-De Wang (en)
dc.contributor.author: 張子賢 (zh_TW)
dc.contributor.author: Tzu-Hsien Chang (en)
dc.date.accessioned: 2023-09-22T16:25:28Z
dc.date.available: 2023-11-09
dc.date.copyright: 2023-09-22
dc.date.issued: 2023
dc.date.submitted: 2023-08-11
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/89858
dc.description.abstract (zh_TW): Classic McEliece is a public-key encryption scheme designed by Robert J. McEliece in 1978. It is known for its ability to withstand attacks by quantum computers, and is therefore widely favoured in post-quantum cryptography. However, recent research on side-channel analysis has revealed that Classic McEliece is vulnerable to side-channel attacks when no masking protection is applied.
To address this weakness, arithmetic masking is commonly used as a software protection technique. In practice, however, a software implementation of arithmetic masking brings significant overhead. In our implementation, we propose an efficient and optimal affine-masked Classic McEliece additive Fast Fourier Transform (FFT) implementation for the ARM Cortex-M4 processor on the STM32F407/STM32F40715 Discovery development board. We also use Test Vector Leakage Techniques (TVLA) to evaluate its security.
Our method achieves a high level of security, as the t-statistic value stays below the threshold of 4.5 standard deviations. This means that leaked information cannot be detected, ensuring effective resistance against side-channel attacks.
dc.description.abstract (en): Classic McEliece is a public-key encryption scheme designed by Robert J. McEliece in 1978. It is well-known for its resistance to attacks by quantum computers, making it a popular choice for post-quantum cryptography. However, recent studies on side-channel analysis have revealed that Classic McEliece is vulnerable to side-channel attacks when no masking protection is applied.
To address this vulnerability, arithmetic masking is commonly employed as a software protection technique. Nevertheless, in practice, a software implementation of arithmetic-masked Classic McEliece incurs significant overhead. In our implementation, we present an efficient and optimal affine-masked Classic McEliece additive Fast Fourier Transform (FFT) implementation for the ARM Cortex-M4 on the STM32F407/STM32F40715 Discovery board (a common Cortex-M4 board). We also evaluate its security using TVLA (Test Vector Leakage Techniques).
Our approach achieves a high level of security, as the t-statistic value remains below the threshold of 4.5 standard deviations. This implies that leaked information cannot be detected, ensuring robust protection against side-channel attacks.
dc.description.provenance (en): Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2023-09-22T16:25:28Z. No. of bitstreams: 0
dc.description.provenance (en): Made available in DSpace on 2023-09-22T16:25:28Z (GMT). No. of bitstreams: 0
dc.description.tableofcontents:
Acknowledgements  i
Abstract (Chinese)  iii
Abstract  v
Contents  vii
List of Figures  xi
List of Tables  xiii
Chapter 1 Introduction  1
  1.1 Our contributions  3
  1.2 Roadmap  3
Chapter 2 Classic McEliece  5
  2.1 Preliminaries  6
    2.1.1 Notations  6
    2.1.2 Coding theory  7
  2.2 Algorithm Description  8
    2.2.1 Key generation  9
    2.2.2 Encryption  10
    2.2.3 Decryption  10
    2.2.4 The Gao–Mateer Additive FFT  11
Chapter 3 Side-Channel Analysis and Key Recovery Attack  15
  3.1 Side-Channel analysis  15
  3.2 Key recovery attack on Classic McEliece  16
    3.2.1 Profiling Attack  16
    3.2.2 Profiled side-channel analysis with Neural Networks  17
    3.2.3 Key recovery attack on Classic McEliece  18
    3.2.4 Impact of Key recovery attack  19
  3.3 Side-Channel Countermeasures  19
    3.3.1 Arithmetic Masking  20
    3.3.2 Affine Masking  22
  3.4 Test Vector Leakage Techniques  23
  3.5 Security Notion  23
    3.5.1 t-Non-Interference (t-NI) Security  24
    3.5.2 t-Strong-Non-Interference (t-SNI) Security  25
Chapter 4 Side-Channel Countermeasure on Classic McEliece  27
  4.1 Arithmetic Masked additive FFT  27
  4.2 Affine Masked additive FFT  29
Chapter 5 Experiments and Results  31
  5.1 The ARM Cortex-M Processors  31
  5.2 Comparison of the Implementations  32
  5.3 Leakage Detection of Side-Channel Analysis  33
Chapter 6 Conclusion  37
References  39
dc.language.iso: en
dc.subject: post-quantum cryptography (zh_TW)
dc.subject: additive Fourier transform (zh_TW)
dc.subject: Classic McEliece (zh_TW)
dc.subject: side-channel (zh_TW)
dc.subject: masking (zh_TW)
dc.subject: Side-channel (en)
dc.subject: additive FFT (en)
dc.subject: Classic McEliece (en)
dc.subject: masking (en)
dc.subject: PQC (en)
dc.title: Side-Channel Analysis of Classic McEliece: Optimization and Evaluation on Cortex-M4 (zh_TW)
dc.title: Side-Channel Analysis of Classic McEliece: Optimization and Evaluation on Cortex-M4 (en)
dc.type: Thesis
dc.date.schoolyear: 111-2
dc.description.degree: Master's
dc.contributor.coadvisor: 陳君朋 (zh_TW)
dc.contributor.coadvisor: Jiun-Peng Chen (en)
dc.contributor.oralexamcommittee: 雷欽隆; 陳君明; 楊柏因 (zh_TW)
dc.contributor.oralexamcommittee: Chin-Laung Lei; Jiun-Ming Chen; Bo-Yin Yang (en)
dc.subject.keyword: side-channel, post-quantum cryptography, Classic McEliece, additive Fourier transform, masking (zh_TW)
dc.subject.keyword: Side-channel, PQC, Classic McEliece, additive FFT, masking (en)
dc.relation.page: 43
dc.identifier.doi: 10.6342/NTU202303595
dc.rights.note: Not authorized
dc.date.accepted: 2023-08-11
dc.contributor.author-college: College of Electrical Engineering and Computer Science (電機資訊學院)
dc.contributor.author-dept: Department of Electrical Engineering (電機工程學系)
Appears in collections: Department of Electrical Engineering (電機工程學系)

Files in this item (file, size, format):
ntu-111-2.pdf (not authorized for public access), 803.07 kB, Adobe PDF