格基密钥封装机制中的密文延展性作为侧信道分析的对策 (Ciphertext Malleability in Lattice-Based KEMs as a Countermeasure to Side Channel Analysis)

from arxiv, 29 pages total, 26 pages excluding references, 8 figures. This paper is an extension of a work presented at CECC 2024 under the title "A Countermeasure To Side Channel Message Recovery Attacks Using Chosen-Ciphertext Against ML-KEM". It has been selected by the CECC 2024 program chairs for submission at a special edition of the Fundamenta Informaticae journal

Due to developments in quantum computing, classical asymmetric cryptography is at risk of being breached. Consequently, new Post-Quantum Cryptography (PQC) primitives using lattices are studied. Another point of scrutiny is the resilience of these new primitives to Side Channel Analysis (SCA), where an attacker can study physical leakages. In this work we discuss a SCA vulnerability due to the ciphertext malleability of some PQC primitives exposed by a work from Ravi et al. We propose a novel countermeasure to this vulnerability exploiting the same ciphertext malleability and discuss its practical application to several PQC primitives. We also extend the seminal work of Ravi et al. by detailing their attack on the different security levels of a post-quantum Key Encapsulation Mechanism (KEM), namely FrodoKEM. We also provide a generalisation of their attack to different parameters which could be used in future similar primitives.

翻译：由于量子计算的发展，经典非对称密码学面临被攻破的风险。因此，学界开始研究使用格结构的新型后量子密码学原语。另一个值得关注的问题是这些新原语对侧信道分析的抵抗能力，攻击者可通过分析物理泄漏信息实施攻击。本文讨论了由Ravi等人工作揭示的某些后量子密码原语因密文延展性导致的侧信道分析漏洞。我们提出了一种利用相同密文延展性的新型漏洞防护对策，并探讨了该对策在多种后量子密码原语中的实际应用。通过详细分析Ravi等人对后量子密钥封装机制（以FrodoKEM为例）不同安全等级的攻撃方案，我们拓展了其开创性研究。此外，我们还将其攻撃方法推广至适用于未来类似原语的不同参数配置，提供了通用化分析框架。