Abstract
Simple power analysis (SPA) attacks and their extensions, profiled and soft-analytical side-channel attacks (SASCA), represent a significant threat to the security of cryptographic devices and remain among the most powerful classes of passive side-channel attacks. In this work, we analyze how numeric representations of secrets can affect the amount of exploitable information leakage available to the adversary.
We present an analysis of how mutual information changes as a result of the integer ring size relative to the machine word-size. Furthermore, we study the Redundant Number Representation (RNR) countermeasure and show that its application to ML-KEM can resist the most powerful SASCA attacks and provides a low-cost alternative to shuffling. We evaluate the performance of RNR-ML-KEM with both simulated and practical SASCA experiments on the ARM Cortex-M4 based on a worst-case attack methodology. We show that RNR-ML-KEM sufficiently renders these attacks ineffective. Finally, we evaluate the performance of the RNR-ML-KEM NTT and INTT and show that SPA security can be achieved with a 62.8% overhead for the NTT and 0% overhead for the INTT relative to the ARM Cortex-M4 reference implementation used.
| Original language | English |
|---|---|
| Title of host publication | Selected Areas of Cryptography (SAC) 2025 |
| Publication status | Accepted/In press - 25 Mar 2025 |
| Event | 32nd Selected Areas in Cryptography, SAC 2025 - Toronto Metropolitan University, Toronto, Canada |
| Duration | 13 Aug 2025 → 15 Aug 2025 |
| Conference number | 32 |
| Website | http://sacworkshop.org |
Conference
| Conference | 32nd Selected Areas in Cryptography, SAC 2025 |
|---|---|
| Abbreviated title | SAC2025 |
| Country/Territory | Canada |
| City | Toronto |
| Period | 13/08/25 → 15/08/25 |
| Internet address | http://sacworkshop.org |
Keywords
- Power Analysis
- ML-KEM
- SASCA
- countermeasures
Fields of Expertise
- Information, Communication & Computing
Title
Efficient SPA Countermeasures using Redundant Number Representation with Application to ML-KEM
Projects
- Special Research Area (SFB) F85 Semantic and Cryptographic Foundations of Security and Privacy by Compositional Design. Mangard, S. (Project manager on research unit). 1/01/23 → 31/12/26. Project: Research project
- AWARE - Hardware-Ensured Software Security. Mangard, S. (Consortium manager resp. coordinator with external organisations) & Mangard, S. (Project manager on research unit). 1/05/22 → 30/04/25. Project: Research project