Horizontal Side-Channel Vulnerabilities of Post-Quantum Key Exchange and Encapsulation Protocols

Published: 18 October 2021

Abstract

Key exchange protocols and key encapsulation mechanisms establish secret keys to communicate digital information confidentially over public channels. Lattice-based cryptography variants of these protocols are promising alternatives given their quantum-cryptanalysis resistance and implementation efficiency. Although lattice cryptosystems can be mathematically secure, their implementations have shown side-channel vulnerabilities. But such attacks largely presume collecting multiple measurements under a fixed key, leaving the more dangerous single-trace attacks unexplored.

This article demonstrates successful single-trace power side-channel attacks on lattice-based key exchange and encapsulation protocols. Our attack targets both hardware and software implementations of matrix multiplications used in lattice cryptosystems. The crux of our idea is to apply a horizontal attack that makes hypotheses on several intermediate values within a single execution all relating to the same secret, and to combine their correlations for accurately estimating the secret key. We illustrate that the design of protocols combined with the nature of lattice arithmetic enables our attack. Since a straightforward attack suffers from false positives, we demonstrate a novel extend-and-prune procedure to recover the key by following the sequence of intermediate updates during multiplication.
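The horizontal idea described above can be reproduced in simulation when assessing how much a multiply loop leaks in one execution. The following is an added example, not code from the article or its authors: it assumes a Hamming-weight leakage model with Gaussian noise, a toy modulus of 2^15, 640 reuses of one secret coefficient and secrets in [-12, 12], and every name in it is hypothetical. It covers only the combined-correlation step, not the article's extend-and-prune procedure.

```python
import random

Q = 1 << 15                  # toy power-of-two modulus (assumption)
N_REUSE = 640                # public values multiplied by one secret coefficient (assumption)
CANDIDATES = range(-12, 13)  # small secret coefficients (assumption)
ZERO_THRESHOLD = 0.5         # below this no hypothesis fits; treat the secret as 0 (assumption)


def hw(x):
    """Hamming weight, the assumed power model for one intermediate value."""
    return bin(x).count("1")


def simulate_trace(secret, public, sigma, rng):
    """One simulated execution: one noisy sample per product a_i * s mod Q."""
    return [hw((a * secret) % Q) + rng.gauss(0.0, sigma) for a in public]


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:      # constant model, e.g. the hypothesis s = 0
        return 0.0
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / (sxx * syy) ** 0.5


def score(trace, public, candidate):
    """Signed correlation between the single trace and one hypothesis.

    All N_REUSE samples come from the same execution and depend on the same
    secret, so they are combined into one correlation. The sign is kept:
    in this model the hypothesis -s correlates strongly but negatively.
    """
    return pearson([hw((a * candidate) % Q) for a in public], trace)


def recover(trace, public):
    """Best-scoring hypothesis, or 0 when nothing correlates with the trace."""
    best = max(CANDIDATES, key=lambda c: score(trace, public, c))
    return best if score(trace, public, best) >= ZERO_THRESHOLD else 0


def demo(secret=3, sigma=0.5, seed=1):
    """Constructed input: random public values and one simulated trace."""
    rng = random.Random(seed)
    public = [rng.randrange(Q) for _ in range(N_REUSE)]
    trace = simulate_trace(secret, public, sigma, rng)
    # In this model 2*s shifts every product left by one bit, so it scores
    # close to the true secret: one source of false positives to rule out.
    ranked = sorted(CANDIDATES, key=lambda c: score(trace, public, c), reverse=True)
    return recover(trace, public), ranked[:3]


if __name__ == "__main__":
    guess, top3 = demo()
    print("recovered:", guess, "top candidates:", top3)
```

Lowering `N_REUSE` or raising `sigma` shows how recovery in this model depends on how often one secret coefficient is reused within a single execution.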

We analyze two protocols, Frodo and FrodoKEM, and show that they are vulnerable to our attack. We implement both stand-alone hardware and RISC-V based software realizations and test the effectiveness of the proposed attack by using concrete parameters of these protocols on physical platforms with real measurements. We show that the proposed attack can estimate secret keys from a single power measurement with over 99% success rate.

Published in

ACM Transactions on Embedded Computing Systems, Volume 20, Issue 6
November 2021
256 pages
ISSN: 1539-9087
EISSN: 1558-3465
DOI: 10.1145/3485150
Editor: Tulika Mitra

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 18 October 2021
• Revised: 1 July 2021
• Accepted: 1 July 2021
• Received: 1 February 2021

Qualifiers

• research-article
• Refereed