Safeguarding Tomorrow's Secrets: Simple Power Analysis on Post-Quantum Cryptosystems

Explore how Simple Power Analysis (SPA) reveals vulnerabilities in Post-Quantum Cryptosystems like McEliece and BIKE, even with low-cost equipment. Learn about ML-powered detection and the implications for secure AI/IoT deployments.


The Quantum Threat and Cryptographic Resilience

The advent of quantum computing presents a profound challenge to current cryptographic standards. Existing encryption methods, once considered impregnable, could theoretically be broken by quantum algorithms, necessitating a global shift towards Post-Quantum Cryptography (PQC). PQC schemes are designed to withstand attacks from both classical and quantum computers, securing our digital communications for decades to come. Among these, code-based cryptosystems like McEliece and Bit Flipping Key Encapsulation (BIKE) are promising candidates, engineered to resist all known mathematical attacks.

While PQC algorithms offer theoretical robustness, their practical implementation introduces new risks. This is where Side-Channel Attacks (SCA) become critical. Unlike traditional attacks that exploit mathematical weaknesses, SCAs observe unintended information leakage from a system's physical operation: power consumption patterns, electromagnetic emissions, or timing variations during cryptographic computations. Such physical leakage can reveal sensitive internal data, making even theoretically secure algorithms vulnerable in real-world deployments. Evaluating and mitigating these side-channel vulnerabilities is paramount, particularly for embedded systems and resource-constrained devices, where robust countermeasures are often difficult to implement.

Understanding Simple Power Analysis (SPA)

Simple Power Analysis (SPA) is a fundamental type of Side-Channel Attack that interprets the power consumption or electromagnetic emissions of a device to infer cryptographic secrets. It leverages the principle that different operations within a cryptographic algorithm often consume different amounts of power or emit distinct electromagnetic signatures. By capturing and analyzing these patterns, an observer can often discern critical steps or data values within the algorithm's execution.

The simplicity of SPA lies in its ability to reveal information from a single trace or a handful of traces, without the statistical analysis over many traces that Differential Power Analysis (DPA) requires. If the power signatures of different operations or data values are sufficiently distinct, secrets can be uncovered even with basic equipment. This makes SPA a significant threat, especially for systems where physical access is possible and cryptographic operations are executed in a data-dependent, predictable manner, underlining the importance of secure hardware and software implementations. For high-security identity solutions, for instance, even an on-premise Face Recognition & Liveness SDK must be architected with resistance to such physical attacks in mind.

Post-Quantum Cryptosystems Under the Microscope

McEliece and BIKE are two prominent code-based PQC algorithms currently under consideration for standardization by the National Institute of Standards and Technology (NIST). These cryptosystems rely on the mathematical complexity of decoding general linear codes, a problem believed to be intractable even for quantum computers. While they effectively counter classical structural attacks through careful key size selection, their physical implementations on real hardware can still introduce exploitable side channels.

The focus of a recent study was to evaluate the information leakage during the decapsulation phase of these algorithms, specifically when the shared secret key is generated. This phase is crucial as it involves handling the ephemeral key, which is the immediate target for an attacker. The research aimed to determine if secret values could be correlated with observable physical characteristics like electromagnetic emissions, even when using relatively low-cost measurement equipment.

The Low-Cost Experiment Setup

To investigate these vulnerabilities, an experimental setup analogous to a real-world SPA scenario was constructed using readily available, low-cost hardware. The core components included a Raspberry Pi 3, serving as the Device Under Test (DUT), responsible for executing the cryptographic operations. A shunt resistor in the DUT's supply path was used to measure the minute voltage drops, indicative of power consumption, during these operations. An operational amplifier (op-amp) then amplified these small voltage signals to a measurable range.

Finally, a Raspberry Pi Pico, a low-cost microcontroller, was employed to sample and store these amplified voltage variations, effectively monitoring the cryptographic processes. This setup, while affordable, inherently introduced trade-offs such as lower sampling resolution and increased noise, yet it proved sufficient to detect significant information leakage. The experiment specifically utilized the Python wrapper of the Open Quantum Safe (OQS) library, implementing McEliece and BIKE at NIST security level 3. Each captured trace corresponded to a distinct decapsulation phase, capturing the moment the shared secret key was generated (Source: Simple Power Analysis on Post-Quantum Code Based Cryptosystems). For organizations seeking to deploy advanced edge AI solutions, technologies like the ARSA AI Box Series are designed with consideration for such real-world hardware and operational environments, where understanding physical security is paramount.

Quantifying Leakage with Statistical Correlation

To analyze the captured data, the researchers applied null hypothesis testing combined with correlation analysis. The null hypothesis posited that "Software implementations of code-based post-quantum cryptography do not leak information." To challenge this, the correlation coefficient (ρ) was calculated between the measured voltage samples (x), which stand in for power consumption, and the Hamming weight of the last byte of the generated shared secret key (y).

The correlation coefficient ρ ranges from -1 to 1: 0 indicates no correlation, while -1 or 1 signifies perfect negative or positive correlation, respectively. Based on established literature, a ρ value greater than 0.1 is typically considered indicative of significant information leakage. The experimental results for both McEliece and BIKE demonstrated ρ values exceeding this threshold. For instance, in the McEliece decapsulation process, distinct voltage spikes coincided with sharp variations in ρ, implying measurable and temporally aligned power leakage. Similarly, BIKE also showed a correlation exceeding the 0.1 threshold. These findings led to the rejection of the null hypothesis, confirming that both algorithms, despite their theoretical strength, leak exploitable information that simple power analysis can observe.

Machine Learning Uncovers Secret Bits

Building on the statistical evidence of information leakage, the study further explored whether Machine Learning (ML) models could predict secret bits from the collected power traces. Using only 200 power traces, various well-known classifiers were trained. The samples from each power trace served as the input features (X) for the ML models, while the corresponding secret bits from the shared session key were used as the labels (Y) for training. This demonstrates a practical way to analyze real-time data, much like how ARSA AI Video Analytics processes live video streams for actionable intelligence.

The results were notable: the ML models predicted secret bits with a success rate significantly above random guessing. Specifically, the models showed a greater likelihood of predicting bit '1' over bit '0', a phenomenon attributed to the higher voltage spikes associated with processing a bit whose logical state is '1'. For the McEliece cryptosystem, the F1 score, the harmonic mean of precision and recall, consistently exceeded 0.65. This indicated that McEliece, in particular, exhibited consistent information leakage that ML techniques could practically exploit, highlighting a critical vulnerability in its implementation.
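The correlation test from the previous section and the bit-prediction step described here, as an added, self-contained example (it is not code from the paper, from ARSA, or from the Open Quantum Safe library). It simulates 200 constructed decapsulation traces in which each bit of the last shared-secret byte adds a small extra current at its own sample point (an assumed bit-serial leakage model; trace length, sample positions, gain and noise level are all made up), computes the Pearson correlation ρ between every sample point and the byte's Hamming weight against the 0.1 threshold, and then stands in for the text's "well-known classifiers" with a one-feature threshold classifier per bit, scored by F1 on a held-out half of the traces:

```python
"""
Constructed leakage-assessment example (not the paper's code, not OQS).
Leakage model (assumption): bit k of the last secret byte adds `gain` to the
trace at sample BIT_SAMPLE_START + k; everything else is Gaussian noise.
"""
import random
from typing import List, Sequence, Tuple

LEAK_THRESHOLD = 0.1   # |rho| above this counts as significant leakage (threshold from the text)
TRACE_LEN = 40         # samples per trace (assumption)
BIT_SAMPLE_START = 16  # samples 16..23 handle bits 0..7 of the last secret byte (assumption)
N_TRACES = 200         # trace count used in the text


def hamming_weight(byte: int) -> int:
    return bin(byte & 0xFF).count("1")


def simulate_trace(secret_byte: int, rng: random.Random,
                   gain: float = 1.0, noise: float = 0.3) -> List[float]:
    """One constructed trace: Gaussian noise plus `gain` at sample 16+k whenever bit k is set."""
    trace = [rng.gauss(0.0, noise) for _ in range(TRACE_LEN)]
    for k in range(8):
        if (secret_byte >> k) & 1:
            trace[BIT_SAMPLE_START + k] += gain
    return trace


def make_dataset(n: int = N_TRACES, seed: int = 1) -> Tuple[List[List[float]], List[int]]:
    """Constructed data set: n random last-secret-bytes and one simulated trace each."""
    rng = random.Random(seed)
    secrets = [rng.randrange(256) for _ in range(n)]
    return [simulate_trace(s, rng) for s in secrets], secrets


def pearson(x: Sequence[float], y: Sequence[float]) -> float:
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5


def hw_correlation(traces: List[List[float]], secrets: List[int]) -> List[float]:
    """rho between each sample point (x) and the Hamming weight of the last secret byte (y)."""
    hw = [hamming_weight(s) for s in secrets]
    return [pearson([t[i] for t in traces], hw) for i in range(TRACE_LEN)]


def leakage_verdict(traces: List[List[float]], secrets: List[int]) -> Tuple[bool, int, float]:
    """Reject the 'no leakage' null hypothesis if any sample's |rho| exceeds the threshold."""
    rho = hw_correlation(traces, secrets)
    i = max(range(TRACE_LEN), key=lambda k: abs(rho[k]))
    return abs(rho[i]) > LEAK_THRESHOLD, i, rho[i]


def f1_score(y_true: Sequence[int], y_pred: Sequence[int]) -> float:
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    return 0.0 if tp == 0 else 2 * tp / (2 * tp + fp + fn)


def predict_bit(traces: List[List[float]], secrets: List[int], bit: int,
                train_frac: float = 0.5) -> Tuple[float, int]:
    """Train a one-feature threshold classifier for one secret bit; return (test F1, sample used)."""
    labels = [(s >> bit) & 1 for s in secrets]
    split = int(len(traces) * train_frac)
    tr_x, tr_y = traces[:split], labels[:split]
    te_x, te_y = traces[split:], labels[split:]
    # Feature selection: the sample point most correlated with the bit on the training half.
    rho = [pearson([t[i] for t in tr_x], tr_y) for i in range(TRACE_LEN)]
    j = max(range(TRACE_LEN), key=lambda k: abs(rho[k]))
    ones = [t[j] for t, y in zip(tr_x, tr_y) if y == 1]
    zeros = [t[j] for t, y in zip(tr_x, tr_y) if y == 0]
    mid = (sum(ones) / len(ones) + sum(zeros) / len(zeros)) / 2
    sign = 1 if rho[j] > 0 else -1   # bit '1' sits above the midpoint when rho is positive
    preds = [1 if sign * (t[j] - mid) > 0 else 0 for t in te_x]
    return f1_score(te_y, preds), j


if __name__ == "__main__":
    traces, secrets = make_dataset()
    leaks, where, rho = leakage_verdict(traces, secrets)
    print(f"leak detected: {leaks} at sample {where} (rho={rho:.2f})")
    for bit in range(8):
        f1, j = predict_bit(traces, secrets, bit)
        print(f"bit {bit}: F1={f1:.2f} using sample {j}")
```

Run as a script it prints the leakage verdict and a per-bit F1 score. The per-sample correlation sweep is the same check a defender runs when evaluating a masked or otherwise hardened implementation: after the countermeasure is applied, no sample point should keep |ρ| above the threshold and the per-bit F1 should fall back to chance level, whereas with the unprotected leakage model above both checks fail clearly.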

Implications for Secure Enterprise Deployments

The findings of this research underscore a critical reality in cybersecurity: even next-generation cryptographic algorithms, designed to be resilient against quantum computers, can be vulnerable to basic physical attacks if not implemented with robust side-channel countermeasures. The ability to extract sensitive information from power traces using low-cost equipment and machine learning has profound implications for enterprises deploying AI and IoT solutions, especially in sectors requiring high security and privacy.

For critical infrastructure, government, and commercial enterprises, ensuring the physical security of cryptographic operations is as important as their mathematical integrity. Future work will focus on evaluating masking countermeasures, which aim to obfuscate the power consumption patterns to prevent such leakage. This research highlights the ongoing need for rigorous testing and secure design practices in hardware implementations to protect against advanced persistent threats, ensuring that the promise of PQC is fully realized in practical, secure systems.

For organizations navigating the complexities of implementing secure AI and IoT technologies, understanding these subtle yet significant vulnerabilities is crucial. To explore how ARSA Technology integrates privacy-by-design and robust security into its AI and IoT solutions, you are invited to contact ARSA for a free consultation.