[Resource Topic] 2021/477: Exploiting ROLLO's Constant-Time Implementations with a Single-Trace Analysis

Welcome to the resource topic for 2021/477

Title:
Exploiting ROLLO’s Constant-Time Implementations with a Single-Trace Analysis

Authors: Agathe Cheriere, Lina Mortajine, Tania Richmond, Nadia El Mrabet

Abstract:

ROLLO was a candidate in the second round of the NIST Post-Quantum Cryptography standardization process. In its last update, in April 2020, it comprised a key encapsulation mechanism (ROLLO-I) and a public-key encryption scheme (ROLLO-II). In this paper, we propose an attack to recover the syndrome during the decapsulation process of ROLLO-I. From this syndrome, we explain how to perform a private-key recovery. We target two constant-time implementations: the C reference implementation and a C implementation available on GitHub. By taking power measurements during the execution of the Gaussian elimination function, we are able to extract each element of the syndrome from a single trace. This attack can also be applied to the decryption process of ROLLO-II.

ePrint: https://eprint.iacr.org/2021/477

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.