Side-channel analysis in code-based cryptography

Size: px

Start display at page:

Download "Side-channel analysis in code-based cryptography"

Josephine Haynes
5 years ago
Views:

1 1 Side-channel analysis in code-based cryptography Tania RICHMOND IMATH Laboratory University of Toulon SoSySec Seminar Rennes, April 5, 2017

2 Outline McEliece cryptosystem Timing Attack Power consumption Attack Conclusion

3 Outline McEliece cryptosystem Timing Attack Power consumption Attack Conclusion

4 Communication Once upon a time... a woman, Alice and a man, Bob who wanted to communicate together.

5 Attack But, they did not want that anyone, Eve could understand this message.

6 Cryptology science of secret kryptos=secret/hidden logos=science Two concepts : Cryptography Secret writting Cryptanalysis Analysis of a secret

7 7 Cryptography Using a one-way function to do: Encryption Identification Signature Hash function

8 7 Cryptography Using a one-way function to do: Encryption Identification Signature Hash function

9 8 Secret-Key Cryptosystem Ceasar

10 Public-Key Cryptosystem (PKC) [DH76] 1 1 W. Diffie and M. Hellman, New directions in cryptography, IEEE Transactions on Information Theory 1976.

11 Post-quantum cryptography Code-based cryptography Lattice-based cryptography Hash-based cryptography Multivariate-based cryptography No solving in polynomial time, contrary to number theory problems [Sho97] 2 2 P. W. Shor, Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer, SIAM Journal on Computing, 26(5), pp ,

Post-quantum cryptography Code-based cryptography Lattice-based cryptography Hash-based cryptography Multivariate-based cryptography No solving in polynomial time, contrary to number

12 Post-quantum cryptography Code-based cryptography Lattice-based cryptography Hash-based cryptography Multivariate-based cryptography No solving in polynomial time, contrary to number theory problems [Sho97] 2 2 P. W. Shor, Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer, SIAM Journal on Computing, 26(5), pp ,

13 11 Linear code Definition (Linear code) Let q = p m be a power m > 0 of some prime p. Let F q denoted the finite field of q elements. A linear code C of length n and dimension k is a k-dimensional subspace of F n q. Definition (Generator matrix) Let C be a [n, k] q -linear code. Let G M k,n (F q ). We call G a generator matrix of C iff G-rows are basis vectors of C.

14 Syndrome Decoding (SD) problem [BMcEvT78] 3 Inputs H matrix of size r n, S binary vector of length r, t interger. Problem Does there exist a binary vector e of length n and weight t such that : r = n k S is called syndrome. Theorem SD is NP-complete. 3 E. R. Berlekamp, R. J. McEliece, and H. C. van Tilborg, On the inherent intractability of certain coding problems, IEEE Transactions on Information Theory, 1978.

15 Proposed in [McE78] 4. Key generation: Encryption: sk: (Q, G, P) pk: (G, m, t) McEliece PKC 1. Message encoding into a codeword 2. Error vector adding to the codeword Decryption: 1. Ciphertext permutation 2. Syndrome computation 3. Solving of the key equation G = Q G P 4. Error position finding 4 R. J. McEliece, A public-key cryptosystem based on algebraic coding theory, California Inst. Technol., Pasadena, CA, Tech. Rep. 44, 1978.

16 14 Cryptography Theory vs. Practice Mathematics Implementations VS.

17 Definition (SCA) Side-Channel Attack (SCA) Exploit the laws of physics phenomenons to obtain some information contained in channels associated to an implementation (software or hardware). 1st SCA in [Koc96] 5 5 P. C. Kocher, Timing attacks on implementations of Diffie- Hellman, RSA, DSS, and other systems, CRYPTO 96, Springer, LNCS, vol. 1109, pp ,

18 Outline McEliece cryptosystem Timing Attack Power consumption Attack Conclusion

19 Proposed in [McE78] 6. Key generation: Encryption: sk: (Q, G, P) pk: (G, m, t) McEliece PKC 1. Message encoding into a codeword 2. Error vector adding to the codeword Decryption: 1. Ciphertext permutation 2. Syndrome computation 3. Solving of the key equation G = Q G P 4. Error position finding 6 R. J. McEliece, A public-key cryptosystem based on algebraic coding theory, California Inst. Technol., Pasadena, CA, Tech. Rep. 44, 1978.

20 McEliece Decryption Attack on the Extended Euclidean Algorithm (EEA) double call 1. Ciphertext permutation 2. Syndrome computation 3. Solving the key equation (with Patterson [Pat75] 7 ): 3.1 Syndrome inversion (via EEA) 3.2 Square root computation 3.3 Error locator polynomial (ELP) determination (via EEA) 4. Errors positions finding 4.1 ELP evaluation 4.2 Errors correction 7 N. J. Patterson, The algebraic decoding of goppa codes, IEEE Transactions on Information Theory, 21(2): , 1975.

21 Attack on the 2nd EEA call Error locator polynomial (ELP) determination [Str10] ELP determination attack [Str10] 8 with error weight ε = 4 < t: with: σ(x ) = σ 4 X 4 σ 3 X 3 σ 2 X 2 σ 1 X σ 0 = a 2 (X ) X b 2 (X ) a(x ) = σ 4 X 2 σ 2 X σ 0 b(x ) = σ 3 X σ 1 Two possible cases: If deg(b) = 0: then σ 3 = 0. If deg(b) = 1: then σ F. Strenzke, A timing attack against the secret permutation in the McEliece PKC, Post-Quantum Cryptography 2010, Springer, LNCS, vol. 6061, pp ,

22 20 Attack on the 2nd EEA call Error locator polynomial (ELP) determination [Str10] b(x ) = σ 3 X σ 1 Two possible cases: If deg(b) = 0: then σ 3 = α P(i1 ) α P(i2 ) α P(i3 ) α P(i4 ) = 0, so max 2 iterations in EEA. If deg(b) = 1: then σ 3 = α P(i1 ) α P(i2 ) α P(i3 ) α P(i4 ) 0, so max 1 iteration in EEA.

23 Attack on the 1st EEA call Syndrome inversion [Str13] Syndrome inversion attack [Str13] 9 with error weight ε = 4 < t: S E (X ) S E (X ) σ E (X ) σ E (X ) n i=1 E i =1 1 X α i mod G(X ) σ 3 X 2 σ 1 X 4 σ 3 X 3 σ 2 X 2 σ 1 X σ 0 mod G(X ). 9 F. Strenzke, Timing attacks against the syndrome inversion in code-based cryptosystems, PQCrypto 2013, Springer, LNCS, vol. 7932, pp ,

24 Attack on the 1st EEA call Syndrome inversion [Str13] Syndrome inversion attack [Str13] 9 with error weight ε = 4 < t: S E (X ) S E (X ) σ E (X ) σ E (X ) n i=1 E i =1 1 X α i mod G(X ) σ 3 X 2 σ 1 X 4 σ 3 X 3 σ 2 X 2 σ 1 X σ 0 mod G(X ). 9 F. Strenzke, Timing attacks against the syndrome inversion in code-based cryptosystems, PQCrypto 2013, Springer, LNCS, vol. 7932, pp ,

25 22 Attack on the 1st EEA call Syndrome inversion [Str13] Attack with error weight ε = 4 < t: with: Two possible cases: σ E (X ) = σ 3 X 2 σ 1, σ 3 = α P(i1 ) α P(i2 ) α P(i3 ) α P(i4 ). If σ 3 = 0: then deg(σ E ) = 0, so max 4 iterations in EEA. If σ 3 0: then deg(σ E ) = 2, so max 6 iterations in EEA.

26 Attack on the EEA double call Relation between both EEA calls [BCDR17] Relation between both EEA calls exploited in [BCDR17] 10 : For an error weight ε s.t. 4 ε t/2 and 2 ε: If σ ε 1 0: then 1. Syndrome inversion: max 2ε 2 iterations. 2. ELP determination: max ε/2 iterations. If σ ε 1 = 0 and σ ε3 0: then 1. Syndrome inversion: max 2ε 4 iterations. 2. ELP determination: max ε/2 1 iterations. 10 D. Bucerzan, P.-L. Cayrel, V. Dragoi and T. Richmond, Improved Timing Attacks against the Secret Permutation in the McEliece PKC, IJCCC

27 24 Attack on the EEA double call Relation between both EEA calls [BCDR17] Our proposition Combine two previous attacks, [Str10] et [Str13], to obtain relations between support elements up to t/2 elements. Countermeasure Do additional iterations to make the iteration number constant in EEA (i.e. not depending on the error weight but only on the Goppa polynomial degree).

28 24 Attack on the EEA double call Relation between both EEA calls [BCDR17] Our proposition Combine two previous attacks, [Str10] et [Str13], to obtain relations between support elements up to t/2 elements. Countermeasure Do additional iterations to make the iteration number constant in EEA (i.e. not depending on the error weight but only on the Goppa polynomial degree). Remark Possible attack by power analysis? Or fault injection like the Square-and-Multiply algorithm?

29 Outline McEliece cryptosystem Timing Attack Power consumption Attack Conclusion

30 Proposed in [McE78] 11. Key generation: Encryption: sk: (Q, G, P) pk: (G, m, t) McEliece PKC 1. Message encoding into a codeword 2. Error vector adding to the codeword Decryption: 1. Ciphertext permutation 2. Syndrome computation 3. Solving of the key equation G = Q G P 4. Error position finding 11 R. J. McEliece, A public-key cryptosystem based on algebraic coding theory, California Inst. Technol., Pasadena, CA, Tech. Rep. 44, 1978.

31 Four profiles of implementation [HMP10] 12 for ciphertext permutation and syndrome computation Profile I Profile II C p = C P 1 C p = C P 1 Polynomial operations S = C p H T for Goppa codes Γ(L, G) with L and G Profile III Profile IV L p L P Hp T = P 1 H T Polynomial operations S = C Hp T for Goppa codes Γ(L, G) with L p and G 12 S. Heyse, A. Moradi and C. Paar, Practical Power Analysis Attacks on Software Implementations of McEliece, PQCrypto 2010.

32 28 Attack platform scheme ARM Cortex-M3 microprocessor

33 29 Simple Power Analysis (SPA) on the syndrome computation Vector-matrix product McEliece Decryption: 1. Ciphertext permutation 2. Syndrome computation : S = C p H 3. Solving of the key equation 4. Error position finding

34 30 Four profiles of implementation [HMP10] for ciphertext permutation and syndrome computation Profile I Profile II C p = C P 1 C p = C P 1 Polynomial operations S = C p H T for Goppa codes Γ(L, G) with L and G Profile III Profile IV L p L P Hp T = P 1 H T Polynomial operations S = C Hp T for Goppa codes Γ(L, G) with L p and G

35 31 Syndrome computation Algorithm Inputs: Permuted ciphertext C p F n 2, parity-check matrix H M r,n (F 2 ). For i = 1 to n If C pi = 1 S = S H i EndIf EndFor Return S. Output: Syndrome S F r 2 of C p.

36 32 Syndrome computation Scheme

37 SPA on the syndrome computation [PRDCF15] 13 Toy example SPA with Chosen Ciphertext Attack (CCA) Known to attacker Secret data Leakage Reconstruction of the P matrix 1 st measurement: nd measurement: 3 rd measurement: P -1 H T S P A P* 4 th measurement: Input codewords (CCA) Permutation matrix Bit permuted codewords Parity-check matrix Power consumption traces Attack Reconstructed bit Reconstructed P matrix permuted codewords by comparing with inputs 13 M. Petrvalsk, T. Richmond, M. Drutarovsk, P.-L. Cayrel and V. Fischer, Countermeasure against the SPA attack on an embedded McEliece cryptosystem, IEEE, International Conference Radioelektronika 2015, pp ,

38 34 Countermeasure [PRDCF15] First algorithm Inputs: Permuted ciphertext C p F n 2, parity-check matrix H M r,n(f 2). words = r/sizeof (S) Required number of bytes to store S For i = 1 to n tmp = unsigned(0 C pi ) For j = 1 to words S j = S j H i,j & tmp EndFor EndFor Return S. Output: Syndrome S F r 2 of C p.

39 Countermeasure [PRDCF15] Second algorithm Inputs: Permuted ciphertext C p F n 2, parity-check matrix H M r,n(f 2). words = r/sizeof (S) Required number of bytes to store S Syndrome masking For j = 1 to words S j = S j & 0xAAAA EndFor Syndrome computation For i = 1 to n tmp = unsigned(0 C pi ) For j = 1 to words S j = S j H i,j & tmp EndFor EndFor Syndrome unmasking For j = 1 to words S j = S j & 0xAAAA EndFor Return S. Output: Syndrome S F r 2 of C p.

40 36 Syndrome computation with countermeasure [PRDCF15] Scheme

41 37 Differential Power Analysis (DPA) on the ciphertext permutation For example vector-matrix product Decryption: 1. Ciphertext permutation : C p = C P 1 2. Syndrome computation 3. Solving of the key equation 4. Error position finding

42 38 Four profiles of implementation [HMP10] for ciphertext permutation and syndrome computation Profile I Profile II C p = C P 1 C p = C P 1 Polynomial operations S = C p H T for Goppa codes Γ(L, G) with L and G Profile III Profile IV L p L P Hp T = P 1 H T Polynomial operations S = C Hp T for Goppa codes Γ(L, G) with L p and G

43 39 Simple permutation Example C j... n P C p i... n

44 40 Simple permutation Algorithm Inputs: Private permutation matrix P 1 M n,n (F 2 ) represented by a lookup table t P 1, ciphertext C F n 2. For i = 0 to n 1 j = ti P 1 C pi = C j Endfor Return C p. Output: Permuted ciphertext C p F n 2.

45 Secure permutation [STMOS08] 14 Algorithm Inputs: Private permutation matrix P 1 M n,n (F 2 ) represented by a lookup table t P 1, ciphertext C F n For i = 0 to n 1 2. j = ti P 1 3. Cpi = 0 4. For h = 0 to n 1 5. k = C pi 6. µ = C h 7. s = j h 8. s = s 1 9. s = s s = s s = s s = s s & = s = (s 1) 15. C pi = (s & k) (( s) & µ) 16. Endfor 17. Endfor 18. Return C p Output: Permuted ciphertext C p F n F. Strenzke, E. Tews, H. G. Molter, R. Overbeck and A. Shoufan, Side Channels in the McEliece PKC, PQCrypto 2008.

46 42 Secure permutation [STMOS08] Examples Steps 7: s = j h 1 } 00 {{... 0 } 31 8: s = s : s = s } 00 {{... 0 } 28 10: s = s : s = s : s = s 16 } 11 {{... 1 } 32 13: s & = : s = (s 1) Test hypotheses } 00 {{... 0 } }{{... 1 }

47 Leakage Step 15: Giving: Weakness [PRDCF16] 15 C pi = (s & k) true only if s= else false (( s) & µ) true only if s= else false k = 0 k = C j j n 1 h 15 M. Petrvalský, T. Richmond, M. Drutarovský, P.-L. Cayrel and V. Fischer, Differential power analysis attack on the secure bit permutation in the McEliece cryptosystem, IEEE Radioelektronika

48 44 DPA on the ciphertext permutation [PRDCF16] Known to attacker Secret data 1 st m easurem ent: nd m easurem ent: 3 rd m easurem ent: P th m easurem ent: Input random ciphertexts (CCA) Permutation matrix Bit permuted ciphertexts Leakage Reconstruction of the P matrix CA for 1 st bit: DPA CA for 2 nd bit: CA for 3 rd bit: P -1 * = CA for 4 th bit: Power consumption Attack Correlation analyses (CAs) Reconstructed P -1 matrix traces for each bit by analysing CAs

49 45 Traces analysis [PRDCF16] Apply a Hamming weight of individual bits leakage model: H i {0, 1}, Use correlation coefficient to test our hypotheses compared with measurements, Good hypothesis if the coefficient is (almost) 1 or -1, Average of 500 traces per ciphertext hypothesis to avoid noise, Chosen ciphertexts as every vectors of weight 1.

50 46 Trace example [PRDCF16]

51 Output: Permuted ciphertext C p F n 2 masked by a codeword. 47 Countermeasure [PRDCF16] Algorithm Inputs: Private permutation matrix P 1 M n,n (F 2 ) represented by a lookup table t P 1, ciphertext C F n 2 and private generator matrix. 1. Randomly choose B Γ(L, G) 2. B p = B P 3. C = C B p 4. For i = 0 to n 1 5. j = ti P 1 6. Cpi = 0 7. For h = 0 to n 1 8. k = C pi 9. µ = C h 10. s = j h 11. s = s s = s s = s s = s s = s s & = s = (s 1) 18. Cpi = (s & k) (( s) & µ) 19. Endfor 20. Endfor 21. Return C p

52 48 Countermeasure [PRDCF16] Scheme Known to attacker Secret data 1 st m easurem ent: nd m easurem ent: 3 rd m easurem ent: P th m easurem ent: Input random ciphertexts (CCA) Bit permuted ciphertexts with added codewords pb 1 p B 2 p B 3 p B 4 Modified Goppa codewords for all four ciphertexts

53 49 Countermeasure [PRDCF16] Main idea From masked ciphertext to masked permuted ciphertext: C p = C P 1 = ( C B p ) P 1 = C P 1 (B P) P 1 = C p B. From masked permuted ciphertext to the same syndrome than non-masked ciphertext: S = C p H T = ( C p B) H T = C p H T B H T =0 = C p H T.

54 50 Countermeasure [PRDCF16] Trace example Correlation coefficient MS/s x 10 5

55 Outline McEliece cryptosystem Timing Attack Power consumption Attack Conclusion

56 52 Conclusion Two Chosen Ciphertext Attacks targeting the private permutation in the McEliece cryptosystem. Timing attack (TA): analysis of both EEA calls in the Patterson s algorithm during the McEliece decryption: syndrome inversion and error locator determination, study two previous attacks, combining both attacks to get more information, countermeasure proposal (by adding computations in the EEA), those TA attacks are depending on the code structure, so useless for others linear codes than Goppa codes.

57 53 Conclusion Power consumption attack (PA): analysis of the two first steps in the McEliece decryption: ciphertext permutation and syndrome computation, SPA against the syndrome computation implemented on a microcontroller, masking countermeasure to avoid branches, DPA against a secure permutation algorithm implemented on a microcontroller, masking countermeasure (with n more bits and not a huge amount of additional computations), both PA attacks are not depending on the code structure, so possible for others linear codes than Goppa codes.

58 54 Perspectives Four profiles of implementation [HMP10] for ciphertext permutation and syndrome computation Profile I Profile II C p = C P 1 C p = C P 1 Polynomial operations S = C p H T for Goppa codes Γ(L, G) with L and G Profile III Profile IV L p L P Hp T = P 1 H T Polynomial operations S = C Hp T for Goppa codes Γ(L, G) with L p and G Best choice?!

59 55 Perspectives Make a power analysis and try a fault injection attack for the countermeasure against the TA, Try a higher-order power consumption or a template attack for the countermeasure against PA, Goppa polynomial recovering after getting the private permutation matrix and knowing the support elements order in the McEliece public key cryptosystem.

60 56 Side-channel analysis in code-based cryptography Tania RICHMOND Thank you for your attention!

Toward Secure Implementation of McEliece Decryption

Toward Secure Implementation of McEliece Decryption Mariya Georgieva & Frédéric de Portzamparc Gemalto & LIP6, 13/04/2015 1 MCELIECE PUBLIC-KEY ENCRYPTION 2 DECRYPTION ORACLE TIMING ATTACKS 3 EXTENDED