Abstract
This paper presents an approach to uncovering and analyzing power side-channel leakage with processor-cycle-level precision. Carefully designing and evaluating the measurement setup enables accurate trace timing, which is used to overlay the trace with the corresponding assembly code. This methodology exposes the sources of leakage on a processor-cycle scale and thereby allows new implementations to be evaluated. It also shows that the default ChipWhisperer configuration for STM32F4 targets used in prior work includes wait cycles that are rarely used in real-world applications but do affect power side-channel leakage.
As an application of our setup, we target the widely used Sign-Flip function of the Gaussian sampling code used in multiple post-quantum key-exchange mechanisms and signature schemes. We propose new implementations of the Sign-Flip function based on our analysis of the original implementation and further evaluate their leakage.
Our findings lead to the conclusion that unmasked cryptographic implementations of schemes based on Gaussian random numbers for STM32F4 cannot be secure against power side-channel attacks, and that masking just the Gaussian sampler is not a viable option.
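The abstract describes overlaying a cycle-accurate trace with the corresponding assembly so that leakage can be attributed to individual instructions. The following Python sketch is an added example written for this page, not code from the paper or from the ChipWhisperer project. It assumes that the capture starts at cycle 0 of the listed code, that the ADC takes a fixed number of samples per target clock cycle (4 is assumed here), and that each instruction's cycle count is known from the Cortex-M4 timing table for the actual board configuration (including any flash wait states, which the abstract notes change the cycle budget). The listing, cycle counts and leakage metric are constructed for illustration.

```python
"""Overlay a per-sample leakage metric onto an assembly listing (added example).

Assumptions (not from the paper): the trace begins at cycle 0 of the listed code,
SAMPLES_PER_CYCLE ADC samples are taken per target clock cycle, and the cycle
count of every instruction is known for the measured configuration.
"""
from dataclasses import dataclass

SAMPLES_PER_CYCLE = 4  # assumption: ADC clocked at 4x the target clock


@dataclass
class Instr:
    addr: int
    text: str
    cycles: int  # cycles this instruction occupies on the measured configuration


# Constructed listing of a small sign-flip-style sequence; the cycle counts are
# illustrative and must be replaced by values for the real board/clock setup.
LISTING = [
    Instr(0x08000100, "ldrh  r2, [r1, r3, lsl #1]", 2),
    Instr(0x08000104, "and   r4, r0, #1", 1),
    Instr(0x08000108, "rsb   r5, r2, #0", 1),
    Instr(0x0800010C, "cmp   r4, #0", 1),
    Instr(0x0800010E, "it    ne", 1),
    Instr(0x08000110, "movne r2, r5", 1),
    Instr(0x08000112, "strh  r2, [r6], #2", 2),
]


def cycle_windows(listing, samples_per_cycle=SAMPLES_PER_CYCLE):
    """Map each instruction to its [first_sample, last_sample) window in the trace."""
    windows = []
    cycle = 0
    for ins in listing:
        start = cycle * samples_per_cycle
        cycle += ins.cycles
        windows.append((ins, start, cycle * samples_per_cycle))
    return windows


def overlay(listing, leakage, samples_per_cycle=SAMPLES_PER_CYCLE):
    """Attribute a per-sample leakage metric (e.g. |t| of a fixed-vs-random
    t-test) to instructions: the score of an instruction is the peak inside
    its sample window."""
    rows = []
    for ins, s0, s1 in cycle_windows(listing, samples_per_cycle):
        window = leakage[s0:s1]
        rows.append((ins, max(window) if window else 0.0))
    return rows


def worst_instruction(listing, leakage, samples_per_cycle=SAMPLES_PER_CYCLE):
    """Return the instruction whose window holds the highest leakage score."""
    return max(overlay(listing, leakage, samples_per_cycle), key=lambda r: r[1])[0]


def constructed_leakage():
    """Constructed per-sample metric: flat background with a peak in cycle 6,
    the cycle occupied by the conditional move in LISTING."""
    total_cycles = sum(i.cycles for i in LISTING)
    leak = [0.5] * (total_cycles * SAMPLES_PER_CYCLE)
    for k in range(6 * SAMPLES_PER_CYCLE, 7 * SAMPLES_PER_CYCLE):
        leak[k] = 6.0
    return leak


if __name__ == "__main__":
    for ins, score in overlay(LISTING, constructed_leakage()):
        print(f"{ins.addr:08x}  {ins.text:<28} peak leakage {score:5.2f}")
    print("worst:", worst_instruction(LISTING, constructed_leakage()).text)
```

Misaligned cycle counts (for example, counting a load as one cycle when the configured flash wait states make it longer) shift every later window, so the attribution is only as good as the timing model of the measured configuration; that is the point the abstract makes about the default STM32F4 wait-cycle setting.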
Notes
1. To the best of our knowledge, the alignment of this process is not documented. However, our experiments provide some evidence that a 4-word alignment is used on our target device.
2. While confirming that the random distribution did not change and is still according to the specification of \(\sigma = 2.8\), we found that, due to the 16-bit constraint on the table entries, the original one-sided implementation has \(\sigma \approx 2.8146\) and our two-sided adaptation has \(\sigma \approx 2.8138\).
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Wisiol, N., Gersch, P., Seifert, JP. (2023). Cycle-Accurate Power Side-Channel Analysis Using the ChipWhisperer: A Case Study on Gaussian Sampling. In: Buhan, I., Schneider, T. (eds) Smart Card Research and Advanced Applications. CARDIS 2022. Lecture Notes in Computer Science, vol 13820. Springer, Cham. https://doi.org/10.1007/978-3-031-25319-5_11
DOI: https://doi.org/10.1007/978-3-031-25319-5_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-25318-8
Online ISBN: 978-3-031-25319-5