This is the last talk of the session, so Bo-Yeon Sim will present "Novel Side-Channel Attacks on Quasi-Cyclic Code-Based Cryptography". Thank you for your introduction. Hello, I'm Bo-Yeon Sim, and I am studying at the Chicago Laboratory of Kookmin University. Today I'm going to talk about novel side-channel attacks on quasi-cyclic code-based cryptography. This is joint work with Samsung SDS. As you know, the security of public-key cryptosystems is primarily based on the difficulty of number-theoretic problems, such as factoring large integers or finding discrete logarithms. However, Shor proposed an algorithm that can solve such problems in polynomial time given a practical large-scale quantum computer. Since quantum computers have become critical threats to the current PKCs, there is an increasing need for post-quantum cryptography that is secure against both quantum and classical computers. Therefore, lattice-based, multivariate, hash-based, and code-based cryptographic schemes are mainly studied. In December 2016, NIST announced a call for proposals for PQC standardization. In the first round of submissions, 69 proposals were accepted. In the following second round, 26 candidates survived, and the second PQC standardization conference was held in Santa Barbara last week. Code-based cryptography is one of the promising candidates of this PQC standardization. In particular, quasi-cyclic code-based cryptography has recently received extensive attention due to its small key sizes and efficiency in terms of computational complexity. A QC code consists of circulant matrices, each row of which is a cyclic shift of its first row. Then the syndrome of a vector c is calculated as the sum of the multiplications by the sparse matrices. However, the syndrome computation, which is the main operation of QC code-based cryptography, has been reported to be vulnerable to timing attacks. Accordingly, Chou suggested a constant-time multiplication for QC code-based cryptography to mitigate timing attacks.
The first row of H0 can represent the whole matrix, and an array of the indices whose value is one is enough to represent H0. Thus, the multiplication by the sparse matrices can be calculated as the sum of vectors left-rotated by the index values, and they are calculated by constant-time multiplication. Here is an example. The vector is expressed as a five-element array, and D is an index whose value is one. Then, firstly, the computation starts from the left rotation for bit D7. In this example, D7 is one, so the rotated value is selected and saved. Secondly, the left rotation for D6 is performed. Since D6 is one, the rotated value is selected and saved. Thirdly, the left rotation for D5 is performed. Since D5 is also one, the rotated value is selected and saved. Fourthly, the left rotation for D4 is performed. However, D4 is zero, so the unrotated value is selected and saved. Fifthly, the left rotation for D3 is performed. Since D3 is 1, the rotated value is selected and saved. Lastly, the left rotation for the bits from D2 to D0 is performed by a sequence of logical instructions. Since the same logic operations are always performed, it is constant time. This countermeasure was later found to be vulnerable to differential power analysis. However, the proposed DPA still could not completely recover the accurate secret indices, requiring linear equations to be solved to obtain the entire secret information. Then we may have this question: is there no method to recover accurate secret indices using only side-channel information? Our answer is that it is possible to recover accurate secret indices using only side-channel information. This is our first contribution. By the way, there are countermeasures that effectively remove the information leakage exploited by DPA. Moreover, there are cryptosystems using ephemeral key pairs, which inherently provide resistance against DPA. At this point, we may have this question.
Is it impossible to attack using only a single trace? Our answer is that it is possible to recover the secret indices using only a single trace. This is our second contribution. Our experimental results show that BIKE and LEDAcrypt, which are second-round candidates of the NIST PQC standardization, may become vulnerable to our proposed attacks. Since the syndrome computations of these two schemes were not designed to resist side-channel attacks, we assume that countermeasures are applied to remove each of the TA and DPA vulnerabilities. We divide the attack position into two parts to find D: the word-unit rotation to find bits D7 to D3, and the bit rotation to find bits D2 to D0. Contrary to the previous attack, our proposed attack exploits the fact that the rotation is always carried out, and also that the data to be saved is determined depending on the secret bit value. Thus, the position at which the power consumption associated with the intermediate value occurs is determined by the secret bit value. This is a power consumption trace of the constant-time multiplication. Since a software implementation is considered here, the power consumption is assumed to be affected by the Hamming weight of the intermediate value. We first categorize the properties of the word-unit rotation. Here is an example of the first property. The rotation is always performed, and the unrotated value is chosen when D_i is 0. Thus, R is rotated and saved in the first loop. Contrariwise, when D_i is 1, the rotated value is chosen. Thus, R is only rotated in the first loop. Therefore, we can find D_i by identifying whether a high correlation with R occurs sequentially twice in the first loop. Here is an example of the second property. When D_i is 1, the rotated value is chosen. Thus, the high correlation with R occurs sequentially twice at the left-rotated position, which is a different iteration from that of the prior key bit, D_{i+1}. Contrariwise, when D_i is 0, the unrotated value is chosen.
Thus, the high correlation with R occurs sequentially twice at the same iteration as the prior key bit, D_{i+1}. Subsequently, on the word-unit rotation, we can find the most significant bit of D based on property 1 and can find bits D6 to D3 based on property 2. To recover the remaining bits, D2 to D0, we target the bit rotation part. We can calculate the result of the word-unit rotation because we found bits D7 to D3. Thus, we only guess the L value from 0 to 7 when we guess the leftmost word of the result of the bit rotation. At this point, the L value and the value of the last three bits of D are the same. We mount a correlation power analysis using these two points of interest and find the remaining bits. 50 traces are sufficient for the attack. As a result, we can accurately recover all secret indices regardless of word size and security level. The previous DPA could not completely recover accurate secret indices. Moreover, it was not even feasible to solve such equations with target cryptosystems running on a 64-bit processor. Contrary to the previous attack, our proposed attack can recover the entire secret indices regardless of word size and security level. Next, we explain the proposed single-trace attack. The proposed attack exploits the fact that the rotation is always carried out, and also that the mask value, as determined by the value of the secret bit, is used to obtain the accurate result. When calculating the result, the mask and inverted mask values, which are decided depending on the D_i value, are used. Since in software implementations the power consumption depends on the Hamming weight of the intermediate value, it is possible to find the secret bit by classifying the power consumption traces into two groups based on the bit-dependent values. We identified where the difference in the power consumption distribution occurs depending on the key-bit-dependent properties.
From the comparison with the XOR operation, we identified that the two distributions are clearly distinguished. One is when D_i is 0 and the other is when D_i is 1. Hence, bits D7 to D3 can be accurately found using a clustering algorithm. To recover the remaining bits, D2 to D0, we target the bit rotation part. The most commonly used 8-bit AVR and 16-bit MSP processors only provide single-bit shift instructions. Thus, a 1-bit right shift operation is repeated L times, and a 1-bit left shift operation is repeated 8 minus L times. Therefore, we can identify the number of 1-bit right shift operations by simple power analysis. At this point, the L value and the value of the last 3 bits of D are the same. Thus, the remaining bits can be identified. Since the most commonly used 32-bit and 64-bit processors support barrel shifters, multiple-bit shifts are performed within a single cycle. It is then difficult to identify the last bits of D. Thus, 32 and 64 candidates remain, respectively, requiring additional algebraic computation to recover the accurate indices. As a result, we can accurately recover all secret indices if the processor provides single-bit shift instructions. Even if a processor does not provide single-bit shift instructions, we can extract substantial parts of the secret indices by attacking the word-unit rotation part. Our experimental results show that BIKE and LEDAcrypt, which are constructed using QC-MDPC and QC-LDPC codes, respectively, may become vulnerable to our proposed attacks. Since the syndrome computations of these two schemes were not designed to resist side-channel attacks, we assume that countermeasures are applied to remove each of the TA and DPA vulnerabilities. Cryptosystems using ephemeral key pairs inherently provide resistance against multiple-trace attacks. In the case of BIKE-1, we can find H with our proposed attack during the syndrome computation.
Whereas, in the case of BIKE-2 and BIKE-3, it is possible to find H0. Then it is possible to calculate H1 using the recovered H0 and the public key F. Since we obtain the secret H, it can be used to perform bit-flipping decoding to extract a secret message from a received vector over the public code. In the case of LEDApkc, the secret indices that represent L can be recovered with our proposed attack. In the case of LEDAkem, L_{n0-1} can be recovered by our proposed attacks. Consequently, it is possible to derive L using the recovered L_{n0-1} and the public key P. Accordingly, not only L but also the secret message can be retrieved. In conclusion, we proposed a multiple-trace attack, which enables complete recovery of accurate secret indices, and also a single-trace attack, which can even work when using ephemeral keys or applying existing DPA countermeasures. We also discussed that BIKE and LEDAcrypt may become vulnerable to our proposed attacks. As for the single-trace attack, hiding methods such as random noise and dummy operations can be applied to increase the attack complexity. It would be one of the interesting future research topics to construct a theoretically sound countermeasure against the single-trace attack proposed in this paper. Thanks for your attention. Any questions?

I have a question. Did you have the chance to talk with the design team of the ciphers? Do they have any comments?

No, not yet.

No? Yeah. So let's thank the speaker again. Time for lunch.
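To make the operation under discussion concrete, here is an added C illustration of the constant-time sparse multiplication the talk describes (word-unit rotation for the high index bits, then bit-unit rotation for the low bits, with both candidates computed and one selected by a mask). It is written for this summary and is not the speaker's code nor the BIKE or LEDAcrypt reference implementation; it assumes 8-bit words, a 32-word (256-bit) vector, and an 8-bit index d whose bits d7..d3 give the word shift and d2..d0 the bit shift, mirroring the example in the talk. The point for a defender is visible in ct_select: control flow never depends on the secret bit, but the value that is saved (rotated or unrotated) does, which is exactly the Hamming-weight dependence the presented attacks exploit and the reason hiding countermeasures were suggested.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define W      8              /* bits per word: uint8_t, like the 8-bit AVR case in the talk */
#define NWORDS 32             /* 32 words x 8 bits = 256-bit vector (assumed size) */
#define NBITS  (W * NWORDS)   /* an index d fits in 8 bits: d7..d3 = word shift, d2..d0 = bit shift */

/* Branch-free helpers: a secret bit becomes an all-ones/all-zeros mask that drives a select.
   The instruction sequence is the same for both bit values; only the data differs. */
static uint8_t bit_to_mask(unsigned bit) { return (uint8_t)(0u - (bit & 1u)); }
static uint8_t ct_select(uint8_t a, uint8_t b, uint8_t mask) { return (uint8_t)(a ^ (mask & (a ^ b))); }

/* Word-unit rotation: for each bit of the word shift (d7..d3, high to low) rotate by 2^i words,
   then keep either the rotated or the unrotated array. The rotation is always performed. */
static void ct_word_rotate(uint8_t *v, unsigned d) {
    uint8_t tmp[NWORDS];
    unsigned wshift = d >> 3;                         /* 0..31 */
    for (int i = 4; i >= 0; i--) {                    /* shifts of 16, 8, 4, 2, 1 words */
        unsigned r = 1u << i;
        uint8_t mask = bit_to_mask(wshift >> i);
        for (size_t j = 0; j < NWORDS; j++)
            tmp[j] = v[(j + NWORDS - r) % NWORDS];    /* left rotation by r words */
        for (size_t j = 0; j < NWORDS; j++)
            v[j] = ct_select(v[j], tmp[j], mask);     /* saved value depends on the secret bit */
    }
}

/* Bit-unit rotation: the same pattern for d2..d0 with shifts of 4, 2, 1 bits, carrying bits across
   word boundaries. Shift distances are compile-time constants, so no variable-distance shift is used. */
static void ct_bit_rotate(uint8_t *v, unsigned d) {
    uint8_t tmp[NWORDS];
    unsigned bshift = d & 7u;
    for (int i = 2; i >= 0; i--) {
        unsigned r = 1u << i;
        uint8_t mask = bit_to_mask(bshift >> i);
        for (size_t j = 0; j < NWORDS; j++) {
            uint8_t prev = v[(j + NWORDS - 1) % NWORDS];
            tmp[j] = (uint8_t)((v[j] << r) | (prev >> (W - r)));
        }
        for (size_t j = 0; j < NWORDS; j++)
            v[j] = ct_select(v[j], tmp[j], mask);
    }
}

/* Constant-time left rotation of the whole vector by d bit positions (bit k -> bit (k+d) mod NBITS). */
void ct_rotate(const uint8_t *in, unsigned d, uint8_t *out) {
    memcpy(out, in, NWORDS);
    ct_word_rotate(out, d);
    ct_bit_rotate(out, d);
}

/* Sparse product as in the talk: a circulant block is represented by the index list of the ones in
   its first row, and v times that block is the XOR of v rotated by each index. */
void ct_sparse_mul(const uint8_t *v, const unsigned *idx, size_t n, uint8_t *out) {
    uint8_t rot[NWORDS];
    memset(out, 0, NWORDS);
    for (size_t k = 0; k < n; k++) {
        ct_rotate(v, idx[k] & 0xFFu, rot);
        for (size_t j = 0; j < NWORDS; j++) out[j] ^= rot[j];
    }
}

/* Bit-by-bit reference rotation (not constant time), used only to check the result. */
static void ref_rotate(const uint8_t *in, unsigned d, uint8_t *out) {
    memset(out, 0, NWORDS);
    for (unsigned k = 0; k < NBITS; k++) {
        unsigned bit = (in[k / W] >> (k % W)) & 1u;
        unsigned t = (k + d) % NBITS;
        out[t / W] |= (uint8_t)(bit << (t % W));
    }
}

/* Rotates a vector holding only bit `start` by d and returns the resulting bit position
   (-1 if the result is not a single set bit). */
int bit_position_after_rotate(unsigned start, unsigned d) {
    uint8_t v[NWORDS] = {0}, out[NWORDS];
    v[start / W] = (uint8_t)(1u << (start % W));
    ct_rotate(v, d, out);
    int pos = -1, count = 0;
    for (unsigned k = 0; k < NBITS; k++)
        if ((out[k / W] >> (k % W)) & 1u) { pos = (int)k; count++; }
    return count == 1 ? pos : -1;
}

/* Checks ct_rotate against the reference for every d and ct_sparse_mul against the reference sum.
   Returns 1 on success, 0 on the first mismatch. */
int self_check(void) {
    uint8_t v[NWORDS], a[NWORDS], b[NWORDS], sum[NWORDS], expect[NWORDS] = {0};
    static const unsigned idx[] = {0, 5, 77, 200, 255};          /* constructed index list */
    for (size_t j = 0; j < NWORDS; j++) v[j] = (uint8_t)(0x9Du * (j + 1) + 0x31u);  /* constructed vector */
    for (unsigned d = 0; d < NBITS; d++) {
        ct_rotate(v, d, a);
        ref_rotate(v, d, b);
        if (memcmp(a, b, NWORDS) != 0) return 0;
    }
    ct_sparse_mul(v, idx, 5, sum);
    for (size_t k = 0; k < 5; k++) { ref_rotate(v, idx[k], b); for (size_t j = 0; j < NWORDS; j++) expect[j] ^= b[j]; }
    return memcmp(sum, expect, NWORDS) == 0;
}

int main(void) {
    printf("constant-time rotation self-check: %s\n", self_check() ? "ok" : "FAILED");
    printf("bit 0 rotated by 9 lands at position %d\n", bit_position_after_rotate(0, 9));
    return 0;
}
```

The self-check compares every one of the 256 rotation amounts against a bit-by-bit reference, so it shows the construction is functionally correct; what it cannot show, and what the talk measures with power traces, is that ct_select writes back R itself when the bit is 0 and the rotated copy when the bit is 1, so the saved intermediate value, and with it the Hamming-weight leakage on an 8-bit device, follows the secret index bit even though the instruction stream does not.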