Jan-Pieter D’Anvers's research while affiliated with KU Leuven and other places

Publications (21)

Article
Full-text available
In an effort to circumvent the high cost of standard countermeasures against side-channel attacks in post-quantum cryptography, some works have developed low-cost detection-based countermeasures. These countermeasures try to detect maliciously generated input ciphertexts and react to them by discarding the ciphertext or secret key. In this work, we...
Preprint
Full-text available
Homomorphic encryption (HE) enables calculating on encrypted data, which makes it possible to perform privacy-preserving neural network inference. One disadvantage of this technique is that it is several orders of magnitude slower than calculation on unencrypted data. Neural networks are commonly trained using floating-point, while most homomorphic...
Chapter
Arithmetic to Boolean masking (A2B) conversion is a crucial technique in the masking of lattice-based post-quantum cryptography. It is also a crucial part of building a masked comparison, which is one of the hardest building blocks to mask for actively secure lattice-based encryption. We first present a new method, called one-hot conversion, to effici...
Article
Full-text available
In this work, we propose generic and novel adaptations to the binary Plaintext-Checking (PC) oracle based side-channel attacks for Kyber KEM. These attacks operate in a chosen-ciphertext setting, and are fairly generic and easy to mount on a given target, as the attacker requires very minimal information about the target device. However, these atta...
Preprint
Full-text available
Fully Homomorphic Encryption is a technique that allows computation on encrypted data. It has the potential to drastically change privacy considerations in the cloud, but high computational and memory overheads are preventing its broad adoption. TFHE is a promising Torus-based FHE scheme that heavily relies on bootstrapping, the noise-removal tool...
Chapter
Side-channel attacks are formidable threats to the cryptosystems deployed in the real world. An effective and provably secure countermeasure against side-channel attacks is masking. In this work, we present a detailed study of higher-order masking techniques for the key-encapsulation mechanism Saber. Saber is one of the lattice-based finalist candi...
Article
Full-text available
Checking the equality of two arrays is a crucial building block of the Fujisaki-Okamoto transformation, and as such it is used in several post-quantum key encapsulation mechanisms including Kyber and Saber. While this comparison operation is easy to perform in a black box setting, it is hard to efficiently protect against side-channel attacks. For...
Chapter
Many lattice-based encryption schemes are subject to a very small probability of decryption failures. It has been shown that an adversary can efficiently recover the secret key using a number of ciphertexts that cause such a decryption failure. In PKC 2019, D’Anvers et al. introduced ‘failure boosting’, a technique to speed up the search for decryp...
Article
Full-text available
Masked comparison is one of the most expensive operations in side-channel secure implementations of lattice-based post-quantum cryptography, especially for higher masking orders. First, we introduce two new masked comparison algorithms, which improve the arithmetic comparison of D'Anvers et al. [1] and the hybrid comparison method of Coron [2] resp...
Article
Full-text available
Masking is a popular technique to protect cryptographic implementations against side-channel attacks and comes in several variants including Boolean and arithmetic masking. Some masked implementations require conversion between these two variants, which is increasingly the case for masking of post-quantum encryption and signature schemes. One way t...
Article
Full-text available
In this work, we are concerned with the hardening of post-quantum key encapsulation mechanisms (KEM) against side-channel attacks, with a focus on the comparison operation required for the Fujisaki-Okamoto (FO) transform. We identify critical vulnerabilities in two proposals for masked comparison and successfully attack the masked comparison algori...
Article
The candidates for the NIST Post-Quantum Cryptography standardization have undergone extensive studies on efficiency and theoretical security, but research on their side-channel security is largely lacking. This remains a considerable obstacle for their real-world deployment, where side-channel security can be a critical requirement. This work desc...
Chapter
Lattice-based encryption schemes are often subject to the possibility of decryption failures, in which valid encryptions are decrypted incorrectly. Such failures, in large number, leak information about the secret key, enabling an attack strategy alternative to pure lattice reduction. Extending the “failure boosting” technique of D’Anvers et al. in...
Conference Paper
While error correcting codes (ECC) have the potential to significantly reduce the failure probability of post-quantum schemes, they add an extra ECC decoding step to the algorithm. Even though this additional step does not compute directly on the secret key, it is susceptible to side-channel attacks. We show that if no precaution is taken, it is po...
Chapter
Current estimation techniques for the probability of decryption failures in Ring/Mod-LWE/LWR based schemes assume independence of the failures in individual bits of the transmitted message to calculate the full failure rate of the scheme. In this paper we disprove this assumption both theoretically and practically for schemes based on Ring/Mod-Lear...
Chapter
In this paper, we introduce Saber, a package of cryptographic primitives whose security relies on the hardness of the Module Learning With Rounding problem (Mod-LWR). We first describe a secure Diffie-Hellman type key exchange protocol, which is then transformed into an IND-CPA encryption scheme and finally into an IND-CCA secure key encapsulation...

Citations

... • The second impediment revolves around the power efficiency (or lack thereof) in pre-existing TFHE accelerators. Their DSP [3] or CMOS ASIC [13,18] platforms for FFT and IFFT ((I)FFT) are notorious energy consumers. Indeed, FFT and IFFT kernel processing is responsible for a ∼ 55% [13,18] problem. ...
... The research conducted by Rajendran and colleagues [49] presents an oracle-based framework where it is assumed that the attacker has physical access to a target device executing the Kyber Key Encapsulation Mechanism (KEM) decapsulation process using the pqm4 implementation [28]. The attacker is capable of interacting with the target device by submitting selected ciphertexts according to their preferences. ...
... This ongoing effort includes exploring alternative parameter choices, optimizing error correction codes, and addressing potential side-channel vulnerabilities, etc. For example, Scabbard (a suite of KEM schemes proposed by Mera et al. [7]) improved on Saber [8], the NIST PQC finalist. SMAUG, which is a candidate scheme submitted to the ongoing Korean PQC standardization [9], has been heavily influenced by the design elements of Scabbard. ...
... The side-channel attack presented in [2] is performed on a first-order masked software implementation of Saber KEM which, at that time, was the only NIST round 3 candidate having a publicly available protected implementation. In response to the attacks, a new, higher-order masked implementation of Saber KEM has been recently released [4], in which all known vulnerabilities are patched. Our contributions: In this paper, we show that the higher-order masked implementation of Saber from [4] has an exploitable vulnerability in its arithmetic to Boolean conversion procedure A2B bitsliced msg(). ...
... This increase in security comes at the cost of an increase in the decryption failure rate (DFR). Although this is straightforward, one must also take into consideration that the DFR has to be below the bound set by NIST ($2^{-128}$) in order to be safe against decryption failure attacks [7]. That is why Polar Codes are introduced, in order to decrease the DFR and to take advantage of this excess DFR in order to be used to increase the security. ...
... Recent research on this lattice encryption has taken a variety of forms. For example, there have been various studies on its mathematical properties and efficient algorithms [5]-[10], some variations [11], electronic voting [12], Blockchains [13], and its protection from fault or DPA [14], [15], and other invasions using the techniques of masking [16]. Furthermore, research on the hardware structure is ongoing [17], and their applications are used in the design of qTESLA [18], [19]. ...
... CCAs seek to recover the secret key. These studies explore CCAs for different processes inside lattice-based KEMs [36,37]. These operations include the Fujisaki-Okamoto (FO) transform, message encoding/decoding, inverse Number Theoretic Transform (NTT), and error-correcting codes. ...
... The table-based A2B conversion algorithm proposed in [CT03] can significantly improve the efficiency of A2B at a particular expense of additional memory consumption. However, there is a flaw in their algorithm, which has been continuously revised in [Deb12] and [VDV21]. ...
... No such solution is used for known PQC schemes since its instantiation is more challenging, less generic and presumably more expensive than the FO transform. D'Anvers, Orsini and Vercauteren developed alternative ciphertext transformations to the FO transform for lattice-based encryption in [DOV21]. These alternatives are based on error term checking and do not apply to schemes such as NewHope, Kyber and Saber. ...