June 8, 2021
Prasanna Ravi - Nanyang Technological University
In this work, we demonstrate novel side-channel assisted chosen ciphertext attack applicable to IND-CCA secure NTRU-based PKE/KEMs. In particular, we propose two types of chosen ciphertext attacks on Streamlined NTRU Prime which instantiate respectively, a plaintext-checking oracle and decryption-failure oracle to perform full key recovery. We propose efficient strategies to construct chosen ciphertexts to instantiate the aforementioned oracles to perform full key recovery. We perform experimental validation of our attacks on the optimized implementation of Streamlined NTRU Prime obtained from the pqm4 public library, a testing and benchmarking framework for post quantum cryptographic schemes on the ARM Cortex-M4 microcontroller. We positively confirm that both the PC and DF oracle-based attacks result in full key recovery in a few thousand traces with 100% success rate. We also perform a brief survey of the various side-channel assisted chosen-ciphertext attacks on LWE/LWR-based schemes and subsequently identify critical similarities and differences between our proposed attacks as well as known attacks on the LWE/LWR-based schemes. Based on preliminary results from our proposed attacks, we do not observe any considerable increase in the attacker’s effort to defeat both LWE/LWR-based schemes as well
