Practical Evaluation of Masking for NTRUEncrypt on ARM Cortex-M4
To protect against the future threat of large scale quantum computing, cryptographic schemes that are considered appropriately secure against known quantum algorithms have gained in popularity and are currently in the process of standardization by NIST. One of the more promising so-called post-quantum schemes is NTRUEncrypt, which withstood scrutiny from the scientific community for over 20 years.
Similar to classical algorithms like AES, implementations of NTRUEncrypt must be protected against physical attacks. While different masking and hiding countermeasures have been proposed in the past, practical power analysis evaluations of masking for NTRUEncrypt are lacking. We therefore provide a practical evaluation of masking applied to index-based multiplication and a modern parameter set using trinary polynomials. With the use of SIMD instructions available in the Cortex-M4 microcontroller, we are able to implement additive masking without any significant performance overhead compared to an unmasked implementation. Our implementation showed no observable first-order leakage using a HW model and two million measurement traces. Successful second-order attacks are demonstrated for our implementation using SIMD instructions, which processes the mask and masked data simultaneously, as well as for a sequential implementation built for comparison. Finally, we show that applying both our low cost masking countermeasure together with a known and equally efficient shuffling scheme can provide a good trade-off achieving a high level of security without a large performance penalty.
KeywordsPost-quantum cryptography Side-channel analysis NTRUEncrypt Countermeasures Masking
This work was partly funded by the German Federal Ministry of Education and Research in the project HQS through grant number 16KIS0616.
- 6.Hoffstein, J., Silverman, J.: Optimizations for NTRU. In: Public-Key Cryptography and Computational Number Theory, Warsaw, pp. 77–88 (2001)Google Scholar
- 8.IEEE: IEEE standard specification for public key cryptographic techniques based on hard problems over lattices. IEEE Std 1363.1-2008, pp. C1–69, March 2009. https://doi.org/10.1109/IEEESTD.2009.4800404
- 14.Zhang, Z., Chen, C., Hoffstein, J., Whyte, W.: NTRUEncrypt NIST Sumission. https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-1-Submissions