Towards Side-Channel Infrastructure for Software Implementations of PQC Algorithms

Author

Tristen Teague, University of Arkansas-FayettevilleFollow

Date of Graduation

5-2024

Document Type

Thesis

Degree Name

Master of Science in Computer Engineering (MSCmpE)

Degree Level

Graduate

Department

Computer Science & Computer Engineering

Advisor/Mentor

Alexander Nelson

Committee Member

David Andrews

Second Committee Member

Miaoqing Huang

Keywords

Embedded Systems; Infrastructure Tool; Leakage Assessment; Post-Quantum Cryptography; Side-Channel Attack; Test-Vector Leakage Assessment

Abstract

Post-Quantum Cryptography (PQC) is a new class of asymmetric cryptography algorithms that are supposed to be secure against both classical computers and quantum computers through Shor’s algorithm. Since PQC algorithms are currently being standardized, they will replace older standardized asymmetric algorithms (such as RSA) and will be deployed within the digital infrastructure. Before implementations of the PQC algorithms are placed into the infrastructure, they must undergo evaluation of both performance and security. One such security issue that needs large investigation before deployment are side-channels. Side-channel attacks (SCA) are a method of gathering information from the implementation, such as power-consumption and timing differences, that can help attackers infer information that should be secret. Much of the PQC algorithms are fairly new in the cryptography world, meaning there may be much side-channel vulnerabilities within implementations that are hidden due to lack of evaluation. This thesis describes the work towards a cloud-based SCA infrastructure tool for PQC algorithms with a focus on the software side that will be open for the research community. This infrastructure tool consists of a fully automated power-analysis SCA evaluation flow, where the user submits the implementation of a PQC algorithm and is given back an SCA evaluation report (through Test-Vector Leakage Assessment) along with the collected traces used for the analysis. This infrastructure tool helps implementers who do not have the tools or SCA knowledge to conduct the SCA power-based evaluation to do the SCA work for them. Having an infrastructure tool open to the public that conducts power-based SCA evaluations helps improve the overall security of PQC implementations before they are deployed into the infrastructure.

Citation

Teague, T. (2024). Towards Side-Channel Infrastructure for Software Implementations of PQC Algorithms. Graduate Theses and Dissertations Retrieved from https://scholarworks.uark.edu/etd/5314