TY - JOUR
AU - Ravi, Prasanna
AU - Sinha Roy, Sujoy
AU - Chattopadhyay, Anupam
AU - Bhasin, Shivam
PY - 2020/06/19
Y2 - 2024/03/28
TI - Generic Side-channel attacks on CCA-secure lattice-based PKE and KEMs
JF - IACR Transactions on Cryptographic Hardware and Embedded Systems
JA - TCHES
VL - 2020
IS - 3
SE - Articles
DO - 10.13154/tches.v2020.i3.307-335
UR - https://tches.iacr.org/index.php/TCHES/article/view/8592
SP - 307-335
AB - In this work, we demonstrate generic and practical EM side-channel assisted chosen ciphertext attacks over multiple LWE/LWR-based Public Key Encryption (PKE) and Key Encapsulation Mechanisms (KEM) secure in the chosen ciphertext model (IND-CCA security). We show that the EM side-channel information can be efficiently utilized to instantiate a plaintext checking oracle, which provides binary information about the output of decryption, typically concealed within IND-CCA secure PKE/KEMs, thereby enabling our attacks. Firstly, we identified EM-based side-channel vulnerabilities in the error correcting codes (ECC), enabling us to distinguish based on the value/validity of decrypted codewords. We also identified similar vulnerabilities in the Fujisaki-Okamoto transform, which leaks information about decrypted messages, applicable to schemes that do not use ECC. We subsequently exploit these vulnerabilities to demonstrate practical attacks applicable to six CCA-secure lattice-based PKE/KEMs competing in the second round of the NIST standardization process. We perform experimental validation of our attacks on implementations taken from the open-source pqm4 library, running on the ARM Cortex-M4 microcontroller. Our attacks lead to complete key-recovery in a matter of minutes on all the targeted schemes, thus showing the effectiveness of our attack.
ER -
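The abstract describes the attack mechanism only at a high level: a plaintext-checking (PC) oracle that reveals one bit about the decryption output turns an IND-CCA secure LWE/LWR scheme into a chosen-ciphertext key-recovery target. The following is an added illustration of that generic strategy on a toy LWE-style PKE; it is not code from the paper or from pqm4. The EM side channel is replaced by a direct call to the decryption routine (an assumption, standing in for the leakage the paper reads from the FO transform or ECC decoding), the ring multiplication of real schemes is replaced by a plain inner product, and the parameters Q, N and ETA, the function names and the candidate set [-ETA, ETA] are all assumptions chosen for the example.

```python
"""Toy plaintext-checking (PC) oracle attack on an LWE-style PKE.

Added illustration, not the paper's code. The EM side channel of the paper is
replaced by a direct call to the decryption routine (assumption); the
chosen-ciphertext construction and the hypothesis elimination are the generic
PC-oracle strategy the abstract describes.
"""
import random

Q = 3329   # Kyber's modulus, used here only as a concrete example value
N = 8      # toy dimension (assumption; real schemes use degree-256 polynomials)
ETA = 2    # secret coefficients lie in [-ETA, ETA] (assumption, CBD-style)


def decrypt_bit(secret, u, v):
    """Toy LPR-style decryption of one message bit: m = round(2/Q * (v - <u,s>)) mod 2.
    A plain inner product over Z_Q stands in for the ring multiplication (assumption)."""
    t = (v - sum(ui * si for ui, si in zip(u, secret))) % Q
    return 1 if Q // 4 <= t < 3 * Q // 4 else 0


def make_pc_oracle(secret):
    """Simulated plaintext-checking oracle: answers whether the (malformed)
    ciphertext (u, v) decrypts to message bit 0. The FO transform would hide this
    from the API; in the paper the bit is recovered from EM leakage instead."""
    calls = [0]

    def oracle(u, v):
        calls[0] += 1
        return decrypt_bit(secret, u, v) == 0

    return oracle, calls


def predict(cand, k, c):
    """Oracle answer the attacker expects if secret[i] == cand, for ciphertext
    u = k*e_i, v = c: then v - <u,s> = c - k*cand depends on one coefficient only."""
    return decrypt_bit([cand], [k], c) == 0


def recover_coefficient(oracle, i):
    """Recover secret[i] by eliminating hypotheses with chosen ciphertexts."""
    cands = list(range(-ETA, ETA + 1))
    while len(cands) > 1:
        # Pick (k, c) whose predicted answers split the remaining candidates
        # most evenly. With ETA = 2, k = Q//8 alone separates every pair of
        # candidates; the other k values only make the split more balanced.
        best, best_split = None, 0
        for k in (Q // 8, Q // 4, 3 * Q // 8, Q // 2):
            for c in range(0, Q, 8):
                zeros = sum(predict(x, k, c) for x in cands)
                split = min(zeros, len(cands) - zeros)
                if split > best_split:
                    best, best_split = (k, c), split
        k, c = best
        u = [0] * N
        u[i] = k                     # u = k * e_i isolates coefficient i
        answer = oracle(u, c)
        cands = [x for x in cands if predict(x, k, c) == answer]
    return cands[0]


def recover_secret(oracle):
    """Full key recovery, one coefficient at a time, as in the abstract's attacks."""
    return [recover_coefficient(oracle, i) for i in range(N)]


def demo(seed=1):
    """Constructed toy key; returns (secret, recovered, number_of_oracle_queries)."""
    rng = random.Random(seed)
    secret = [rng.randint(-ETA, ETA) for _ in range(N)]
    oracle, calls = make_pc_oracle(secret)
    recovered = recover_secret(oracle)
    return secret, recovered, calls[0]


if __name__ == "__main__":
    s, r, n_queries = demo()
    print("secret   ", s)
    print("recovered", r)
    print("oracle queries", n_queries)
```

Each oracle answer removes at least one hypothesis, so no coefficient needs more than 2*ETA queries and the whole toy key falls in a few dozen decapsulation calls; scaling the same loop to a degree-256 polynomial is what makes the paper's "minutes" figure plausible. The practitioner-level caveat is that the FO transform alone does not stop this: the ciphertexts above are rejected by re-encryption, but the decryption that precedes the check still runs and, as the abstract reports, leaks the bit the oracle needs.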