Ciphertext Malleability in Lattice-Based KEMs as a Countermeasure to Side Channel Analysis
Pierre-Augustin Berthet

TL;DR
This paper examines ciphertext malleability vulnerabilities in lattice-based PQC KEMs, proposes a countermeasure exploiting this malleability, and extends prior attacks to various security levels and parameters, enhancing understanding of SCA risks.
Contribution
It introduces a novel countermeasure leveraging ciphertext malleability and generalizes existing SCA attacks to different PQC primitives and parameters.
Findings
Identified ciphertext malleability as a side-channel vulnerability.
Proposed a countermeasure exploiting malleability.
Extended attack analysis to multiple security levels and parameters.
Abstract
Due to developments in quantum computing, classical asymmetric cryptography is at risk of being breached. Consequently, new Post-Quantum Cryptography (PQC) primitives using lattices are studied. Another point of scrutiny is the resilience of these new primitives to Side Channel Analysis (SCA), where an attacker can study physical leakages. In this work we discuss an SCA vulnerability due to the ciphertext malleability of some PQC primitives exposed by a work from Ravi et al. We propose a novel countermeasure to this vulnerability exploiting the same ciphertext malleability and discuss its practical application to several PQC primitives. We also extend the seminal work of Ravi et al. by detailing their attack on the different security levels of a post-quantum Key Encapsulation Mechanism (KEM), namely FrodoKEM. We also provide a generalisation of their attack to different parameters which…
