[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

What a lovely hat

Is it made out of tin foil?

Paper 2024/041

SASTA: Ambushing Hybrid Homomorphic Encryption Schemes with a Single Fault

Aikata Aikata, Graz University of Technology
Ahaan Dabholkar, Purdue University West Lafayette
Dhiman Saha, Indian Institute of Technology Bhilai
Sujoy Sinha Roy, Graz University of Technology
Abstract

The rising tide of data breaches targeting large data storage centres and servers has raised serious privacy and security concerns. Homomorphic Encryption schemes offer an effective defence against such attacks, but their adoption has been hindered by substantial computational and communication overheads, particularly on the client's side. The Hybrid Homomorphic Encryption (HEE) protocol was developed to mitigate these issues. However, the susceptibility of HHE to strong attacks, specifically physical attacks, has been largely unexplored. While physical attacks like the Differential Fault Analysis (DFA) have proved very effective in the field of symmetric cryptography, prior works have largely relied on strong assumptions like nonce reuse, limiting their feasibility in a real-world setting. In this work, we introduce a novel attack- SASTA, which presents, to the best of our knowledge, the first generalized analysis of HHE under DFA. Our analysis uncovers a significant limitation of the HHE protocol where a single fault leads to complete key recovery not only for the standard scheme-AES but also for the new HHE tailored Symmetric Encryption (SE) schemes -- RASTA, PASTA, MASTA, and HERA. We further extend SASTA to effectively target Authenticated Transciphering protocols. Unlike prior works, the key advantage of SASTA is that it does not require nonce reuse. We demonstrate a proof-of-concept of our attack on an off-the-shelf ATXmega128D4-AU microcontroller running HHE firmware and mount end-to-end key recovery attacks. Finally, we discuss conventional countermeasures to defend against SASTA. Our work highlights that despite HHE's advantages of improving performance and reducing communication overhead, further analysis of its security guarantees is required.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Homomorphic EncryptionHybrid EncryptionTranscipheringFault attacksAES-GCMPASTAHERARASTARUBATO
Contact author(s)
aikata @ iaik tugraz at
adabholk @ purdue edu
dhiman @ iitbhilai ac in
sujoy sinharoy @ iaik tugraz at
History
2024-05-01: revised
2024-01-10: received
See all versions
Short URL
https://ia.cr/2024/041
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/041,
      author = {Aikata Aikata and Ahaan Dabholkar and Dhiman Saha and Sujoy Sinha Roy},
      title = {{SASTA}: Ambushing Hybrid Homomorphic Encryption Schemes with a Single Fault},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/041},
      year = {2024},
      url = {https://eprint.iacr.org/2024/041}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.