Post quantum encryption will show power vulnerabilities

Technology News |
By Nick Flaherty

Post quantum encryption will change the vulnerabilities of devices to side channel attacks and power system design.

Many types of encryption are vulnerable to attack by quantum computers, so the industry has been looking at what kind of algorithms will not be vulnerable. NIST in the US is currently running a competition to find the best algorithms for post quantum encryption. The initial list of 69 contributions cnsidered to be complete has been reduced to 26 for closer examination over this summer, with two or three expected to emerge as the preferred solutions.

Rambus is working on one of the algorithms being considered, called the Three Bears, which has a range of performacne levels. “We are hopeful it will move to the next level, when we would talk with other vendors,” said Dr Helena Handschuh, Security Technologies Fellow at Rambus (above). “We have an implementation of it for the submission and then we would see how we integrate it into IP. We have started prototyping other primitives, looking at performance,” she said. “Not all of them require changes in hardware but all of them used symmetric primitives that are easier to accelerate in hardware.

While the hardware may not change from today’s enryption algorithms, Rambus has also been looking at the implications of the new algorithms for side channel attacks, especially differential power analysis (DPA). This uses knowledge of the power consumption captured from the phiyical chip to work out how data is moved between registers and so discover the secret encryption key.

“Once the algorithms are implemented you need to make sure the implementation doesn’t leave it vulnerable. So you need to understand how the algorithms are implemented and why the hardware would leak more or less,” she said.  

“There’s much more mixing of asymmetric and symmetric primitives and that requires heavier conversions eg from arithmetic to Boolean.  There is also one particular element that is needed to verify your computation before transmitting the results and this step is different, and that’s a place that might show up as leakage,” she said.

“When you manipulate the secret the bits are written back into registers and that can leak, then some of the primitives are computed in arithmetic domain then move to Boolean and it is a known difficult problem to protect these transitions from leaking. A linear operation in Boolean operation can be masked with a random value, and you can do the same thing in the arithmetic world, but how you swap from one to the other is a significant challenge, so the more of these you have to do the more performance issues you will have so this is a key performance bottleneck.”

Rambus uses the open source RISC-V core for its hardware, as Handschuh is chair of the RISC-V Foundation’s security standing committee. However, she says the move to post quantum encryption will take time.

“We are starting to prototype the root of trust in software today and accelerating hardware as soon as the smaller portfolio is known over the summer,” she said. “We’ve seen interest from hardware security module vendors who want to customise algorithms in hardware so they are looking for IP from a number of candidates so their customers can program the algorithms and assess the primitives,” she said. “They look for IP that allows them to be more flexible.”

“In post quantum we have barely started and right now we are trying to understand how efficient quantum computers will be in attacking the algorithms, so this process will take 6 or 7 years until there’s a portfolio and then it will be many, many years for everyone to agree on,” she said.

Related articles


Linked Articles
eeNews Power