International Association for Cryptologic Research

International Association
for Cryptologic Research


Power Analysis on NTRU Prime

Wei-Lun Huang , Academia Sinica
Jiun-Peng Chen , Academia Sinica
Bo-Yin Yang , Academia Sinica
DOI: 10.13154/tches.v2020.i1.123-151
Search ePrint
Search Google
Presentation: Slides
Abstract: This paper applies a variety of power analysis techniques to several implementations of NTRU Prime, a Round 2 submission to the NIST PQC Standardization Project. The techniques include vertical correlation power analysis, horizontal indepth correlation power analysis, online template attacks, and chosen-input simple power analysis. The implementations include the reference one, the one optimized using smladx, and three protected ones. Adversaries in this study can fully recover private keys with one single trace of short observation span, with few template traces from a fully controlled device similar to the target and no a priori power model, or sometimes even with the naked eye. The techniques target the constant-time generic polynomial multiplications in the product scanning method. Though in this work they focus on the decapsulation, they also work on the key generation and encapsulation of NTRU Prime. Moreover, they apply to the ideal-lattice-based cryptosystems where each private-key coefficient comes from a small set of possibilities.
Video from TCHES 2019
  title={Power Analysis on NTRU Prime},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universit├Ąt Bochum},
  volume={2020, Issue 1},
  author={Wei-Lun Huang and Jiun-Peng Chen and Bo-Yin Yang},