• [digest] 2023 Week 50 (2/2)

    From IACR ePrint Archive@21:1/5 to All on Mon Dec 18 03:22:08 2023
    [continued from previous message]

    The Automatic Certificate Management Environment protocol (ACME) has significantly contributed to the widespread use of digital certificates in safeguarding the authenticity and privacy of Internet data. These certificates are required for implementing the Transport Layer Security (TLS) protocol. However, it is well known that the cryptographic algorithms employed in these certificates will become insecure with the emergence of quantum computers. This study assesses the challenges in transitioning ACME to the post-quantum landscape using Post-Quantum Cryptography (PQC). To evaluate the cost of ACME's PQC migration, we create a simulation environment for issuing PQC-only and hybrid digital certificates. Our experiments reveal performance drawbacks associated with the switch to PQC or hybrid solutions. However, considering the high volume of certificates issued daily by organizations like Let's Encrypt, the performance of ACME is of utmost importance. To address this concern, we propose a novel challenge method for ACME. Compared to the widely used HTTP-01 method, our findings indicate an average PQC certificate issuance time that is 4.22 times faster, along with a potential reduction of up to 35% in communication size.



    ## 2023/1922

    * Title: One for All, All for Ascon: Ensemble-based Deep Learning Side-channel Analysis
    * Authors: Azade Rezaeezade, Abraham Basurto-Becerra, Léo Weissbart, Guilherme Perin
    * [Permalink](https://eprint.iacr.org/2023/1922)
    * [Download](https://eprint.iacr.org/2023/1922.pdf)

    ### Abstract

    In recent years, deep learning-based side-channel analysis (DLSCA) has become an active research topic within the side-channel analysis community. The well-known challenge of hyperparameter tuning in DLSCA encouraged the community to use methods that reduce the effort required to identify an optimal model. One of the successful methods is ensemble learning. While ensemble methods have demonstrated their effectiveness in DLSCA, particularly with AES-based datasets, their efficacy in analyzing symmetric-key cryptographic primitives with different operational mechanics remains unexplored.

    Ascon was recently announced as the winner of the NIST lightweight cryptography competition. This will lead to broader use of Ascon and a crucial requirement for thorough side-channel analysis of its implementations. With these two considerations in view, we utilize an ensemble of deep neural networks to attack two implementations of Ascon. Using an ensemble of five multilayer perceptrons or convolutional neural networks, we could find the secret key for the Ascon-protected implementation with less than 3 000 traces. To the best of our knowledge, this is the best currently known result. We can also identify the correct key with less than 100 traces for the unprotected implementation of Ascon, which is on par with the state-of-the-art results.



    ## 2023/1923

    * Title: Differential Fault Attack on Ascon Cipher
    * Authors: Amit Jana
    * [Permalink](https://eprint.iacr.org/2023/1923)
    * [Download](https://eprint.iacr.org/2023/1923.pdf)

    ### Abstract

    This work investigates the security of the Ascon authenticated encryption scheme in the context of fault attacks, with a specific focus on Differential Fault Analysis (DFA). Motivated by the growing significance of lightweight cryptographic solutions, particularly Ascon, we explore potential vulnerabilities in its design using DFA. By employing a novel approach that combines faulty forgery in the decryption query under two distinct fault models, leveraging bit-flip faults in the first phase and bit-set faults in the second, we successfully recover the complete Ascon key. This study sheds light on the impact of key whitening in the final permutation call and discusses potential threats when this safeguard is absent. Additionally, we consider the implications of injecting multiple bit-flip faults at the S-box input, suggesting alternative strategies for compromising the state space. Our findings contribute valuable insights into the gray-box security landscape of Ascon, emphasizing the need for robust defenses to ensure the integrity and resilience of lightweight cryptographic primitives against diverse fault attacks.



    ## 2023/1924

    * Title: Analyzing the complexity of reference post-quantum software
    * Authors: Daniel J. Bernstein
    * [Permalink](https://eprint.iacr.org/2023/1924)
    * [Download](https://eprint.iacr.org/2023/1924.pdf)

    ### Abstract

    Constant-time C software for various post-quantum KEMs has been submitted by the KEM design teams to the SUPERCOP testing framework. The ref/*.c and ref/*.h files together occupy, e.g., 848 lines for ntruhps4096821, 928 lines for ntruhrss701, 1316 lines for sntrup1277, and 2613 lines for kyber1024.

    It is easy to see that these numbers overestimate the inherent complexity of software for these KEMs. It is more difficult to systematically measure this inherent complexity.

    This paper takes these KEMs as case studies and applies consistent rules to streamline the ref software for the KEMs, while still passing SUPERCOP's tests and preserving the decomposition of specified KEM operations into functions. The resulting software occupies 381 lines for ntruhps4096821, 385 lines for ntruhrss701, 472 lines for kyber1024, and 478 lines for sntrup1277. This paper also identifies the external subroutines used in each case, identifies the extent to which code is shared across different parameter sets, quantifies various software complications specific to each KEM, and finds secret-dependent timings in kyber*/ref.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)