Single-Trace Side-Channel Attacks on the Toom-Cook: The Case Study of Saber


  • Yanbin Li Nanjing Agricultural University, Nanjing, China
  • Jiajie Zhu Zhejiang Lab, Hangzhou, China
  • Yuxin Huang Nanjing Agricultural University, Nanjing, China
  • Zhe Liu Zhejiang Lab, Hangzhou, China; Nanjing University of Aeronautics and Astronautics, Nanjing, China
  • Ming Tang Wuhan University, Wuhan, China



post-quantum cryptography, Saber KEM, Toom-Cook, side-channel attack, deep learning


The Toom-Cook method is a well-known strategy for building algorithms to multiply polynomials efficiently. Along with NTT-based polynomial multiplication, Toom-Cook-based or Karatsuba-based polynomial multiplication algorithms still have regained attention since the start of the NIST’s post-quantum standardization procedure. Compared to the comprehensive analysis done for NTT, the leakage characteristics of Toom-Cook have not been discussed. We analyze the vulnerabilities of Toom-Cook in the reference implementation of Saber, a third round finalist of NIST’s post-quantum standardization process. In this work, we present the first single-trace attack based on the soft-analytical side-channel attack (SASCA) targeting the Toom-Cook. The deep learning-based power analysis is combined with SASCA to decrease the number of templates since there are a large number of similar operations in the Toom-Cook. Moreover, we describe the optimized factor graph and improved belief propagation to make the attack more practical. The feasibility of the attack is verified by evaluation experiments. We also discuss the possible countermeasures to prevent the attack.




How to Cite

Li, Y., Zhu, J., Huang, Y., Liu, Z., & Tang, M. (2022). Single-Trace Side-Channel Attacks on the Toom-Cook: The Case Study of Saber. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022(4), 285–310.