{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,17]],"date-time":"2025-12-17T08:51:16Z","timestamp":1765961476585,"version":"3.30.1"},"reference-count":0,"publisher":"Universitatsbibliothek der Ruhr-Universitat Bochum","license":[{"start":{"date-parts":[[2021,11,19]],"date-time":"2021-11-19T00:00:00Z","timestamp":1637280000000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["TCHES"],"abstract":"<jats:p>In this work, we propose generic and novel side-channel assisted chosen-ciphertext attacks on NTRU-based key encapsulation mechanisms (KEMs). These KEMs are IND-CCA secure, that is, they are secure in the chosen-ciphertext model. Our attacks involve the construction of malformed ciphertexts. When decapsulated by the target device, these ciphertexts ensure that a targeted intermediate variable becomes very closely related to the secret key. An attacker, who can obtain information about the secret-dependent variable through side-channels, can subsequently recover the full secret key. We propose several novel CCAs which can be carried through by using side-channel leakage from the decapsulation procedure. The attacks instantiate three different types of oracles, namely a plaintext-checking oracle, a decryption-failure oracle, and a full-decryption oracle, and are applicable to two NTRU-based schemes, which are NTRU and NTRU Prime. The two schemes are candidates in the ongoing NIST standardization process for post-quantum cryptography. We perform experimental validation of the attacks on optimized and unprotected implementations of NTRU-based schemes, taken from the open-source pqm4 library, using the EM-based side-channel on the 32-bit ARM Cortex-M4 microcontroller. All of our proposed attacks are capable of recovering the full secret key in only a few thousand chosen ciphertext queries on all parameter sets of NTRU and NTRU Prime. Our attacks, therefore, stress the need for concrete side-channel protection strategies for NTRU-based KEMs.<\/jats:p>","DOI":"10.46586\/tches.v2022.i1.722-761","type":"journal-article","created":{"date-parts":[[2021,11,19]],"date-time":"2021-11-19T13:42:44Z","timestamp":1637329364000},"page":"722-761","source":"Crossref","is-referenced-by-count":8,"title":["Will You Cross the Threshold for Me?"],"prefix":"10.46586","author":[{"given":"Prasanna","family":"Ravi","sequence":"first","affiliation":[]},{"given":"Martianus Frederic","family":"Ezerman","sequence":"additional","affiliation":[]},{"given":"Shivam","family":"Bhasin","sequence":"additional","affiliation":[]},{"given":"Anupam","family":"Chattopadhyay","sequence":"additional","affiliation":[]},{"given":"Sujoy","family":"Sinha Roy","sequence":"additional","affiliation":[]}],"member":"25480","published-online":{"date-parts":[[2021,11,19]]},"container-title":["IACR Transactions on Cryptographic Hardware and Embedded Systems"],"original-title":[],"link":[{"URL":"https:\/\/tosc.iacr.org\/index.php\/TCHES\/article\/download\/9313\/8878","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/tosc.iacr.org\/index.php\/TCHES\/article\/download\/9313\/11147","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/tosc.iacr.org\/index.php\/TCHES\/article\/download\/9313\/8878","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,10]],"date-time":"2024-12-10T14:02:58Z","timestamp":1733839378000},"score":1,"resource":{"primary":{"URL":"https:\/\/tosc.iacr.org\/index.php\/TCHES\/article\/view\/9313"}},"subtitle":["Generic Side-Channel Assisted Chosen-Ciphertext Attacks on NTRU-based KEMs"],"short-title":[],"issued":{"date-parts":[[2021,11,19]]},"references-count":0,"URL":"https:\/\/doi.org\/10.46586\/tches.v2022.i1.722-761","relation":{},"ISSN":["2569-2925"],"issn-type":[{"type":"electronic","value":"2569-2925"}],"subject":[],"published":{"date-parts":[[2021,11,19]]}}}