Hello all,
Myself and Matthias Kannwischer (in cc) were recently working together on developing an attack to exploit the recently discovered timing vulnerability due to division operation ("/KYBER_Q") in the message decoding procedure (poly_tomsg) used in the decryption procedure. During our analysis, we stumbled upon another another source of timing variability in several patched implementations of Kyber, and thus would like to report this as a new vulnerability disclosure. Unfortunately, the same division vulnerability ("/KYBER_Q") is also present in the compression functions (poly_compress and polyvec_compress) used in the encryption procedure.
Refer to https://godbolt.org/z/6anbaK44v for a compiled x86-64 assembly code (with -Os option) of the poly_compress function that contains the division vulnerability. Similarly, refer to https://godbolt.org/z/zG7r7E9a4 for a compiled ARM Cortex-M4 assembly code (with -Os option).
We believe, the aforementioned division operations were not considered to be problematic since they were present in the encryption procedure whose ciphertext output is considered to be public. However, the encryption procedure is also used for re-encryption in the FO transformed decapsulation procedure, where the ciphertext output is considered to be sensitive.
This bug results in timing variability in the decapsulation procedure, which can be easily exploited through maliciously crafted skewed chosen ciphertexts exploiting a Plaintext Checking (PC) oracle, as shown in [1,2] among several related works. This new bug results in a much higher timing variability compared to the same bug in the decryption procedure, that can be exploited through attacks exploiting side-channel information as a PC oracle.
Impact:
We have observed this vulnerability in several libraries that are listed in the recently created website by Dr. Daniel J Bernstein (Thank you for creating this nice summary website). This calls for another patch of several Kyber implementations.
https://kyberslash.cr.yp.to/libraries.html
With the help of Peter Schwabe (Special Thanks!), we have reached out to several of these teams/projects with this vulnerability disclosure, and hope that a patch will be made soon. We are more than glad to receive feedback on the same.
With Thanks and Regards,
Prasanna Ravi.
References:
[1] Ravi, Prasanna, Sujoy Sinha Roy, Anupam Chattopadhyay, and Shivam Bhasin. "Generic side-channel attacks on CCA-secure lattice-based PKE and KEMs." IACR transactions on cryptographic hardware and embedded systems (2020): 307-335.
[2] Ueno, Rei, Keita Xagawa, Yutaro Tanaka, Akira Ito, Junko Takahashi, and Naofumi Homma. "Curse of re-encryption: A generic power/EM analysis on post-quantum KEMs." IACR Transactions on Cryptographic Hardware and Embedded Systems (2022): 296-322.
CONFIDENTIALITY: This email is intended solely for the person(s) named and may be confidential and/or privileged. If you are not the intended recipient, please delete it, notify us and do not copy,
use, or disclose its contents.
Towards a sustainable earth: Print only when necessary. Thank you.
Hi everyone,
Thanks Prasanna and Matthias for the great additional research and thanks to DJB for the practical demo!
This new finding is now also patched in Kyber-K2SO:
https://github.com/symbolicsoft/kyber-k2so/commit/2d16efee71ae195a6aef2fb36f5ed60768d78c98
Of some concern is the fact that these patches in the Kyber reference implementation are leading to a lot of new constants being thrown into the code with little documentation. Between "KyberSlash1" and "KyberSlash2", we can see the following constants added to the reference implementation code:
- 1665 and 80635 in KyberSlash1: https://github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220
- 40318, 1664, 645084 and 1290167 in KyberSlash2: https://github.com/pq-crystals/kyber/commit/272125f6acc8e8b6850fd68ceb901a660ff48196
I've done some guesswork to try to understand where these values come from:
It would be clear to get a cleanup of the reference implementations that gives names to these constants. My theory is that they were identified simply as workaround values that allow us to do what the division by KYBER_Q did without messing anything else up, but nevertheless it would be good to have that explained.
Thanks again,
--
You received this message because you are subscribed to the Google Groups "pqc-forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pqc-forum+...@list.nist.gov.
To view this discussion on the web visit https://groups.google.com/a/list.nist.gov/d/msgid/pqc-forum/TYZPR01MB411585C4A63FF131FFA02004C79CA%40TYZPR01MB4115.apcprd01.prod.exchangelabs.com.
-- Nadim Kobeissi Symbolic Software - https://symbolic.software
I've done some guesswork to try to understand where these values come from:
- 1665 appears to be math.Ceil(KYBER_Q / 2).
- 1664 appears to be math.Floor(KYBER_Q / 2).
- 80635 has unclear origins, I'll call it X.
Thank you, Bas! I've updated the code with clearer naming for these new constants:
https://github.com/symbolicsoft/kyber-k2so/commit/f97c7356b2eeca1d3672effe2aca05acd4c4d473
It could be useful for Peter to update the Kyber reference
implementation with similar clarifying naming.
--
You received this message because you are subscribed to the Google Groups "pqc-forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pqc-forum+...@list.nist.gov.
To view this discussion on the web visit https://groups.google.com/a/list.nist.gov/d/msgid/pqc-forum/CAMjbhoWZ9QiG-_Dixj9jdR%2BwV_NmnWvEsdLMYoJRazhLkS5sPA%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "pqc-forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pqc-forum+...@list.nist.gov.
To view this discussion on the web visit https://groups.google.com/a/list.nist.gov/d/msgid/pqc-forum/b1ff94cf-4d7f-4fd2-af2f-8dc56f4ea9c0n%40list.nist.gov.
Another question re: constant time in MLKEM.In NTT and NTT_Inv, the spec tells me to compute (Zeta ** (BitRev7 (K)) mod QIf I naively write that as an integer exponentiation operator, then the compiler generates a call toa runtime library routine, which I'd rather not have, and is definitely not constant-time with respectto the value of the right hand argument anyway.So... I'm tempted to replace the whole thing by a lookup table, but that leaks the valueof K via the address bus. On the other hand, the sequence of values of K is predictableand not a secret, right?So... am I OK to use a lookup table here?
Thanks,RodOn Saturday 30 December 2023 at 08:24:05 UTC Prasanna Ravi wrote:Hello all,
Myself and Matthias Kannwischer (in cc) were recently working together on developing an attack to exploit the recently discovered timing vulnerability due to division operation ("/KYBER_Q") in the message decoding procedure (poly_tomsg) used in the decryption procedure. During our analysis, we stumbled upon another another source of timing variability in several patched implementations of Kyber, and thus would like to report this as a new vulnerability disclosure. Unfortunately, the same division vulnerability ("/KYBER_Q") is also present in the compression functions (poly_compress and polyvec_compress) used in the encryption procedure.
Refer to https://godbolt.org/z/6anbaK44v for a compiled x86-64 assembly code (with -Os option) of the poly_compress function that contains the division vulnerability. Similarly, refer to https://godbolt.org/z/zG7r7E9a4 for a compiled ARM Cortex-M4 assembly code (with -Os option).
We believe, the aforementioned division operations were not considered to be problematic since they were present in the encryption procedure whose ciphertext output is considered to be public. However, the encryption procedure is also used for re-encryption in the FO transformed decapsulation procedure, where the ciphertext output is considered to be sensitive.
This bug results in timing variability in the decapsulation procedure, which can be easily exploited through maliciously crafted skewed chosen ciphertexts exploiting a Plaintext Checking (PC) oracle, as shown in [1,2] among several related works. This new bug results in a much higher timing variability compared to the same bug in the decryption procedure, that can be exploited through attacks exploiting side-channel information as a PC oracle.
Impact:
We have observed this vulnerability in several libraries that are listed in the recently created website by Dr. Daniel J Bernstein (Thank you for creating this nice summary website). This calls for another patch of several Kyber implementations.
https://kyberslash.cr.yp.to/libraries.html
With the help of Peter Schwabe (Special Thanks!), we have reached out to several of these teams/projects with this vulnerability disclosure, and hope that a patch will be made soon. We are more than glad to receive feedback on the same.
With Thanks and Regards,
Prasanna Ravi.
References:
[1] Ravi, Prasanna, Sujoy Sinha Roy, Anupam Chattopadhyay, and Shivam Bhasin. "Generic side-channel attacks on CCA-secure lattice-based PKE and KEMs." IACR transactions on cryptographic hardware and embedded systems (2020): 307-335.
[2] Ueno, Rei, Keita Xagawa, Yutaro Tanaka, Akira Ito, Junko Takahashi, and Naofumi Homma. "Curse of re-encryption: A generic power/EM analysis on post-quantum KEMs." IACR Transactions on Cryptographic Hardware and Embedded Systems (2022): 296-322.
CONFIDENTIALITY: This email is intended solely for the person(s) named and may be confidential and/or privileged. If you are not the intended recipient, please delete it, notify us and do not copy, use, or disclose its contents.Towards a sustainable earth: Print only when necessary. Thank you.
Hello Rod,
Regarding the CT comparison question, the CT comparison should not abort prematurely upon mismatch. It should definitely be constant time. This timing difference can be used as a Decryption Failure oracle when the attacker queries the decapsulation device with crafted ciphertexts. This exact timing vulnerability was exploited in an older implementation of Frodo in the following paper by Guo, Johansson and Nilsson published at Crypto 2020.
https://eprint.iacr.org/2020/743.pdf
This attack can be easily adapted to Kyber, and the technique used in the following paper by Bhasin et al. can be used to exploit the timing vulnerability:
With Thanks and Regards,
Prasanna Ravi.
From:
'Rod Chapman' via pqc-forum <pqc-...@list.nist.gov>
Date: Wednesday, 10 January 2024 at 8:40 PM
To: pqc-forum <pqc-...@list.nist.gov>
Cc: Filippo Valsorda <fil...@ml.filippo.io>, Rod Chapman <roderick...@googlemail.com>
Subject: Re: [pqc-forum] Re: New Vulnerability Announcement on Variable Time Kyber Implementations
|
To view this discussion on the web visit https://groups.google.com/a/list.nist.gov/d/msgid/pqc-forum/da1e9e27-f231-4bc9-b2c2-5edcf6bb91b8n%40list.nist.gov.
On 18/01/2024 13:05, Peter Schwabe wrote:
Will the implementation that you're working on be public? I think you mentioned before that it's an Ada implementation and it sounds like something that would be very useful to have available.
It's SPARK (the Ada subset, supported by the its proof tools).
The code currently has proofs of memory-safety, type-safety,
absence of undefined behaviour, and a few other properties, all
purely "auto-active" in that it's all done entirely automatically
and based only on the types and contracts in the code.
I am in the final throes of gaining approval from AWS to release this under a suitably permissive licence.
All the best,
Rod