Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

SHIFT SNARE: Uncovering Secret Keys in FALCON via Single-Trace Analysis

Jinyi Qiu, Aydin Aysu

TL;DR

This work shows a practical single-trace side-channel attack on FALCON that targets the discrete Gaussian sampling in key generation, enabling full secret-key recovery from one power trace on an embedded ARM Cortex-M4 device. By exploiting a leakage mechanism linked to the negation of a $63$-bit right-shift on intermediate values, the authors recover the secret polynomials $f$ and $g$ with a two-point leakage model and a CPA-based template. They validate the attack on both reference and optimized NIST-submission implementations and quantify success rates that approach unity for per-coefficient recovery and exceed 99.999% for full-key recovery in both FALCON-512 and FALCON-1024. The results highlight a practical vulnerability in current software for embedded post-quantum signatures and stress the need for single-trace–resilient countermeasures in real-world deployments.

Abstract

This paper presents a novel singletrace sidechannel attack on FALCON a latticebased postquantum digital signature protocol recently approved for standardization by NIST We target the discrete Gaussian sampling operation within FALCONs key generation scheme and demonstrate that a single power trace is sufficient to mount a successful attack Notably negating the results of a 63bit rightshift operation on 64bit secret values leaks critical information about the assignment of 1 versus 0 to intermediate coefficients during sampling These leaks enable full recovery of the secret key We demonstrate a groundup approach to the attack on an ARM CortexM4 microcontroller executing both the reference and optimized implementations from FALCONs NIST round 3 software package We successfully recovered all of the secret polynomials in FALCON We further quantify the attackers success rate using a univariate Gaussian template model providing generalizable guarantees Statistical analysis with over 500000 tests reveals a percoefficient success rate of 999999999478 and a fullkey recovery rate of 9999994654 for FALCON512 We verify that this vulnerability is present in all implementations included in FALCONs NIST submission package This highlights the vulnerability of current software implementations to singletrace attacks and underscores the urgent need for singletrace resilient software in embedded systems

SHIFT SNARE: Uncovering Secret Keys in FALCON via Single-Trace Analysis

TL;DR

This work shows a practical single-trace side-channel attack on FALCON that targets the discrete Gaussian sampling in key generation, enabling full secret-key recovery from one power trace on an embedded ARM Cortex-M4 device. By exploiting a leakage mechanism linked to the negation of a -bit right-shift on intermediate values, the authors recover the secret polynomials and with a two-point leakage model and a CPA-based template. They validate the attack on both reference and optimized NIST-submission implementations and quantify success rates that approach unity for per-coefficient recovery and exceed 99.999% for full-key recovery in both FALCON-512 and FALCON-1024. The results highlight a practical vulnerability in current software for embedded post-quantum signatures and stress the need for single-trace–resilient countermeasures in real-world deployments.

Abstract

This paper presents a novel singletrace sidechannel attack on FALCON a latticebased postquantum digital signature protocol recently approved for standardization by NIST We target the discrete Gaussian sampling operation within FALCONs key generation scheme and demonstrate that a single power trace is sufficient to mount a successful attack Notably negating the results of a 63bit rightshift operation on 64bit secret values leaks critical information about the assignment of 1 versus 0 to intermediate coefficients during sampling These leaks enable full recovery of the secret key We demonstrate a groundup approach to the attack on an ARM CortexM4 microcontroller executing both the reference and optimized implementations from FALCONs NIST round 3 software package We successfully recovered all of the secret polynomials in FALCON We further quantify the attackers success rate using a univariate Gaussian template model providing generalizable guarantees Statistical analysis with over 500000 tests reveals a percoefficient success rate of 999999999478 and a fullkey recovery rate of 9999994654 for FALCON512 We verify that this vulnerability is present in all implementations included in FALCONs NIST submission package This highlights the vulnerability of current software implementations to singletrace attacks and underscores the urgent need for singletrace resilient software in embedded systems

Paper Structure

This paper contains 23 sections, 7 equations, 7 figures, 2 algorithms.

Table of Contents

  1. Introduction
  2. background
  3. The Generation of FALCON's Secret Polynomial
  4. Comparison to Previous Attacks on FALCON
  5. Threat Model
  6. Underlying mechanism of the Attack
  7. The Operations That Leak
  8. Only Two Variables Needed
  9. Exploiting the Found Vulnerability
  10. Inspecting the Power Trace
  11. Pinpointing the Point of Interest
  12. Evaluating the Single-Trace Vulnerability
  13. Measurement Setup
  14. Attack Results
  15. Results on -(t & (f 1))
  16. ...and 8 more sections

Figures (7)

  • Figure 1: Visual Demonstration of the Vulnerability: The top figure illustrates the power consumption profile of the device during the key generation process. The middle figure provides a zoomed-in view of the power consumption during a specific vulnerable segment in the code. The bottom right figure offers a further magnified view and the average power consumption for two distinct cases of secret value assignment ('0' versus '-1'). The bottom left figure presents the results of a univariate Gaussian model distinguishing these two classes over 500,000 trials. The analysis reveals that different assignments of secret intermediate values cause significant variations in power consumption. This demonstrates the practicality of mounting an attack with a substantial success rate.
  • Figure 2: Power traces of the leaky operation under varying inputs are presented. The blue trace depicts the power consumption during the leaky operation when the secret is assigned the value '0', while the orange trace shows the power consumption when the secret is assigned '-1'. A distinct difference in power consumption between the two cases is observable.
  • Figure 3: The full power trace of the subroutine running on the target device (an STM32F417 development board containing an ARM Cortex-M4 CPU) is shown. The two outer-loop executions and the 26 inner-loop executions are clearly observable.
  • Figure 4: Correlation power analysis (CPA) results: For the first attack point, the leaky operation occurs around timestamps 2004 and 3300, corresponding to correlation values of 0.996 and 0.977. For the second point, the leaky operation occurs around timestamp 19460, corresponding to a correlation value of 0.992.
  • Figure 5: Equipment for trace acquisition includes devices for measuring the power consumption of the target system. A current probe is used to capture the power consumption, outputting a voltage proportional to the measured power. The data is then transmitted to an oscilloscope, which digitizes the output for further analysis.
  • ...and 2 more figures