A Side-Channel Attack on a Masked IND-CCA Secure Saber KEM Implementation
Keywords: Public-key cryptography, post-quantum cryptography, Saber KEM, LWE/LWR-based KEM, side-channel attack, power analysis, deep learning
In this paper, we present a side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network created at the profiling stage. The proposed message recovery approach learns a higher-order model directly, without explicitly extracting the random masks at each execution. This eliminates the need for a fully controllable profiling device, which is required in previous attacks on masked implementations of LWE/LWR-based PKEs/KEMs. We also present a new secret key recovery approach based on maps from error-correcting codes that can compensate for some errors in the recovered message. In addition, we discovered a previously unknown leakage point in the primitive for masked logical shifting on arithmetic shares.
Copyright (c) 2021 Kalle Ngo, Elena Dubrova, Qian Guo, Thomas Johansson
This work is licensed under a Creative Commons Attribution 4.0 International License.