Simulating SASCA on Keccak: Security Implications for Post-Quantum Cryptographic Schemes

Julien Maillard; Julien Maillard; Thomas Hiscock; Maxime Lecomte; Christophe Clavier

doi:10.5220/0012787200003767

Simulating SASCA on Keccak: Security Implications for Post-Quantum Cryptographic Schemes

Julien Maillard, Julien Maillard, Thomas Hiscock, Maxime Lecomte, Christophe Clavier

2024

Abstract

Keccak is a standard hashing algorithm that is used in cryptographic protocols as Pseudo Random Functions (PRF), as Pseudo Random Number Generator (PRNG), to check data integrity or to create a Hash-based Message Authentication Code (HMAC). In many cryptographic constructions, secret data is processed with hashing functions. In these cases, recovering the input given to the hashing algorithm allows retrieving secret data. In this paper, we investigate the application of Soft Analytical Side-Channel Attacks (SASCA), based on a Belief Propagation (BP) framework, to recover the input of SHA-3 instances. Thanks to a simulation framework, we extend existing work on the Keccak-f permutation function by developing a comprehensive study of the attacker’s recovery capacity depending on the hash function variant. Then, we study the security implications of SASCA on cryptosystems performing multiple calls to hashing functions with inputs derived from the same secret data. We show that such constructions can be exploited efficiently by an attacker and show typical use-cases by targeting Kyber’s encryption routine and Dilithium’s signing routine. We also show that increasing Kyber’s security parameters implies weaker security against SASCA. Finally, our study gives insights about the minimal bit-level classification accuracy required for successful SASCA on Keccak.

Download

Paper Citation

in Harvard Style

Maillard J., Hiscock T., Lecomte M. and Clavier C. (2024). Simulating SASCA on Keccak: Security Implications for Post-Quantum Cryptographic Schemes. In Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-709-2, SciTePress, pages 518-527. DOI: 10.5220/0012787200003767

in Bibtex Style

@conference{secrypt24,
author={Julien Maillard and Thomas Hiscock and Maxime Lecomte and Christophe Clavier},
title={Simulating SASCA on Keccak: Security Implications for Post-Quantum Cryptographic Schemes},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2024},
pages={518-527},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012787200003767},
isbn={978-989-758-709-2},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Simulating SASCA on Keccak: Security Implications for Post-Quantum Cryptographic Schemes
SN - 978-989-758-709-2
AU - Maillard J.
AU - Hiscock T.
AU - Lecomte M.
AU - Clavier C.
PY - 2024
SP - 518
EP - 527
DO - 10.5220/0012787200003767
PB - SciTePress