Skip to main content

Cache-Side-Channel Quantification and Mitigation for Quantum Cryptography

  • 1123 Accesses

Part of the Lecture Notes in Computer Science book series (LNSC,volume 12973)

Abstract

Quantum cryptography allows one to transmit secret information securely, based on the laws of quantum physics. It consists of (1) the transmission of physical particles like photons and (2) the software-based processing of measurements during the transmission. Quantum key distribution (QKD), e.g., transmits material for establishing a shared crypto key in this way. The key material is encoded into the particles in a way that leakage can be detected and mitigated via so-called privacy amplification.

In this article, we investigate the role of the software implementation for the security of quantum cryptography. More concretely, we quantify the security of QKD software against cache side channels and show how to integrate cache-side-channel mitigation with the privacy amplification in QKD. We evaluate our approach at one variant of a QKD software that is in practical use. During our evaluation, we detect a cache-side-channel vulnerability, for which we develop a parametric mitigation that combines privacy amplification and program rewriting. We propose a cost model for the combined mitigation, which allows one to optimize the interaction between privacy amplification and program rewriting for the mitigation.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-88428-4_12
  • Chapter length: 22 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   89.00
Price excludes VAT (USA)
  • ISBN: 978-3-030-88428-4
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   119.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.

Notes

  1. 1.

    Available at https://www.mais.informatik.tu-darmstadt.de/qkd-esorics21.html.

References

  1. Acıiçmez, O., Koç, Ç.K.: Trace-driven cache attacks on AES (short paper). In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 112–121. Springer, Heidelberg (2006). https://doi.org/10.1007/11935308_9

    CrossRef  Google Scholar 

  2. Ali, M., Rau, A.R.P., Alber, G.: Quantum discord for two-qubit \(X\) states. Phys. Rev. A 81(4), 042105-1–042105-7 (2010)

    Google Scholar 

  3. Alvim, M.S., Chatzikokolakis, K., Palamidessi, C., Smith, G.: Measuring information leakage using generalized gain functions. In: CSF, pp. 265–279 (2012)

    Google Scholar 

  4. Américo, A., Malacaria, P.: QQIF: quantum quantitative information flow (invited paper). In: HotSpot, pp. 1–10 (2020)

    Google Scholar 

  5. Baldi, M., Bianchi, M., Maturo, N., Chiaraluce, F.: Improving the efficiency of the LDPC code-based McEliece cryptosystem through irregular codes. In: ISCC, pp. 000197–000202 (2013)

    Google Scholar 

  6. Bennett, C.H., Brassard, G.: Quantum cryptography: public key distribution and coin tossing. In: CSSP, pp. 175–179 (1984)

    Google Scholar 

  7. Bernstein, D.J.: Cache-timing attacks on AES. Technical report, University of Illinois (2005)

    Google Scholar 

  8. Bindel, N., Buchmann, J., Krämer, J., Mantel, H., Schickel, J., Weber, A.: Bounding the cache-side-channel leakage of lattice-based signature schemes using program semantics. In: Imine, A., Fernandez, J.M., Marion, J.-Y., Logrippo, L., Garcia-Alfaro, J. (eds.) FPS 2017. LNCS, vol. 10723, pp. 225–241. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-75650-9_15

    CrossRef  Google Scholar 

  9. Brassard, G., Salvail, L.: Secret-key reconciliation by public discussion. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 410–423. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_35

    CrossRef  Google Scholar 

  10. Brotzman, R.L., Liu, S.L., Zhang, D., Tan, G., Kandemir, M.T.: CaSym: cache aware symbolic execution for side channel detection and mitigation. In: S&P, pp. 505–521 (2018)

    Google Scholar 

  11. Cho, J.Y., Szyrkowiec, T., Griesser, H.: Quantum key distribution as a service. In: QCrypt, pp. 1–3 (2017)

    Google Scholar 

  12. Chothia, T., Kawamoto, Y., Novakovic, C.: A tool for estimating information leakage. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 690–695. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_47

    CrossRef  Google Scholar 

  13. Chothia, T., Kawamoto, Y., Novakovic, C.: LeakWatch: estimating information leakage from Java programs. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 219–236. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_13

    CrossRef  Google Scholar 

  14. Cock, D., Ge, Q., Murray, T., Heiser, G.: The last mile: an empirical study of timing channels on seL4. In: CCS, pp. 570–581 (2014)

    Google Scholar 

  15. Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL, pp. 238–252 (1977)

    Google Scholar 

  16. Dewald, F., Mantel, H., Weber, A.: AVR processors as a platform for language-based security. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10492, pp. 427–445. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66402-6_25

    CrossRef  Google Scholar 

  17. Diamanti, E., Lo, H.K., Qi, B., Yuan, Z.: Practical challenges in quantum key distribution. NPJ Quantum Inf. 2(1), 1–12 (2016)

    CrossRef  Google Scholar 

  18. Dixon, A.R., Sato, H.: High speed and adaptable error correction for megabit/s rate quantum key distribution. Sci. Rep. 4(7275), 1–6 (2014)

    Google Scholar 

  19. Doychev, G., Köpf, B.: Rigorous analysis of software countermeasures against cache attacks. In: PLDI, pp. 406–421 (2017)

    Google Scholar 

  20. Doychev, G., Köpf, B., Mauborgne, L., Reineke, J.: CacheAudit: a tool for the static analysis of cache side channels. ACM Trans. Inf. Syst. Secur. 18(1), 4:1–4:32 (2015)

    Google Scholar 

  21. Ekert, A.K.: Quantum cryptography based on Bell’s theorem. Phys. Rev. Lett. 67(6), 661–663 (1991)

    MathSciNet  CrossRef  Google Scholar 

  22. Elkouss, D., Leverrier, A., Alléaume, R., Boutros, J.H.: Efficient reconciliation protocol for discrete-variable quantum key distribution. In: ISIT, pp. 1879–1883 (2009)

    Google Scholar 

  23. Euler, S., Beier, M., Sinther, M., Walther, T.: Spontaneous parametric down-conversion in waveguide chips for quantum information. In: AIP Conference Proceedings, vol. 1363, no. 1, pp. 323–326 (2011)

    Google Scholar 

  24. Fardan, N.J.A., Paterson, K.G.: Lucky thirteen: breaking the TLS and DTLS record protocols. In: S&P, pp. 526–540 (2013)

    Google Scholar 

  25. Fraunhofer HHI: Fraunhofer HHI participates in major initiative for Quantum Communication supported by German Federal Ministry of Education and Research (2019). https://www.hhi.fraunhofer.de/en/press-media/news/2019/fraunhofer-hhi-participates-in-major-initiative-for-quantum-communication-supported-by-german-federal-ministry-of-education-and-research.html. Accessed 30 Sept 2020

  26. Fry, E.S., Walther, T., Li, S.: Proposal for a loophole-free test of the Bell inequalities. Phys. Rev. A 52(6), 4381–4395 (1995)

    MathSciNet  CrossRef  Google Scholar 

  27. Fung, C.H.F., Qi, B., Tamaki, K., Lo, H.K.: Phase-remapping attack in practical quantum-key-distribution systems. Phys. Rev. A 75(3), 032314-1–032314-12 (2007)

    Google Scholar 

  28. Gallager, R.: Low-density parity-check codes. IRE Trans. Inf. Theory 8(1), 21–28 (1962)

    MathSciNet  CrossRef  Google Scholar 

  29. Gehring, T., et al.: Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks. Nat. Commun. 6(8795), 1–7 (2015)

    Google Scholar 

  30. Geihs, M., et al.: The status of quantum-key-distribution-based long-term secure Internet communication. IEEE T-SUSC 6(1), 19–29 (2021)

    Google Scholar 

  31. Gisin, N., Ribordy, G., Tittel, W., Zbinden, H.: Quantum cryptography. Rev. Mod. Phys. 74(1), 145–195 (2002)

    CrossRef  Google Scholar 

  32. GitHub Inc: Forks of radfordneal/LDPC-codes (2019). https://github.com/radfordneal/LDPC-codes/network/members. Accessed 30 Sept 2020

  33. Gullasch, D., Bangerter, E., Krenn, S.: Cache games - bringing access-based cache attacks on AES to practice. In: S&P, pp. 490–505 (2011)

    Google Scholar 

  34. Hui, C., Wang, Y., Lu, X.: Implementation of a high throughput LDPC codec in FPGA for QKD system. In: ICSICT, pp. 1494–1496 (2016)

    Google Scholar 

  35. IEEE Computer Society: IEEE Standard for Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications - Amendment 5: Enhancements for Higher Throughput. Technical report. IEEE Std 802.11n-2009, IEEE (2009)

    Google Scholar 

  36. Institute for Quantum Optics and Quantum Information, Austrian Academy of Sciences: QUAPITAL: Building the first reliable Quantum Internet on top of Europe’s glass fiber network (2020). https://quapital.eu/. Accessed 30 Sept 2020

  37. Intel Corporation: Intel® 64 and IA-32 Software Developer’s Manual. Order Number: 325462–069US (2019)

    Google Scholar 

  38. Jouguet, P., Kunz-Jacques, S., Leverrier, A., Grangier, P., Diamanti, E.: Experimental demonstration of long-distance continuous-variable quantum key distribution. Nat. Photonics 7(5), 378–381 (2013)

    CrossRef  Google Scholar 

  39. Kocher, P., et al.: Spectre attacks: exploiting speculative execution. In: S&P, pp. 1–19 (2019)

    Google Scholar 

  40. Köpf, B., Mauborgne, L., Ochoa, M.: Automatic quantification of cache side-channels. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 564–580. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31424-7_40

    CrossRef  Google Scholar 

  41. Köpf, B., Smith, G.: Vulnerability bounds and leakage resilience of blinded cryptography under timing attacks. In: CSF, pp. 44–56 (2010)

    Google Scholar 

  42. Laser and Quantum Optics group (LQO) at TU Darmstadt: Open source software for control of the quantum key distribution and its postprocessing (2020). https://git.rwth-aachen.de/oleg.nikiforov/qkd-tools. Accessed 07 Sept 2020

  43. Lipp, M., Gruss, D., Spreitzer, R., Maurice, C., Mangard, S.: ARMageddon: cache attacks on mobile devices. In: USENIX Security, pp. 549–564 (2016)

    Google Scholar 

  44. Lipp, M., et al.: Meltdown: reading kernel memory from user space. In: USENIX Security, pp. 973–990 (2018)

    Google Scholar 

  45. Lydersen, L., Wiechers, C., Wittmann, C., Elser, D., Skaar, J., Makarov, V.: Hacking commercial quantum cryptography systems by tailored bright illumination. Nat. Photonics 4(10), 686–689 (2010)

    CrossRef  Google Scholar 

  46. MacKay, D.J.C., Neal, R.M.: Near Shannon limit performance of low density parity check codes. Electron. Lett. 32(18), 1645–1646 (1996)

    CrossRef  Google Scholar 

  47. Makarov, V., Hjelme, D.R.: Faked states attack on quantum cryptosystems. J. Mod. Opt. 52(5), 691–705 (2005)

    CrossRef  Google Scholar 

  48. Malacaria, P., Khouzani, M., Pasareanu, C.S., Phan, Q., Luckow, K.S.: Symbolic side-channel analysis for probabilistic programs. In: CSF, pp. 313–327 (2018)

    Google Scholar 

  49. Mantel, H., Schickel, J., Weber, A., Weber, F.: How secure is green IT? The case of software-based energy side channels. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11098, pp. 218–239. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99073-6_11

    CrossRef  Google Scholar 

  50. Mantel, H., Starostin, A.: Transforming out timing leaks, more or less. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9326, pp. 447–467. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24174-6_23

    CrossRef  Google Scholar 

  51. Mantel, H., Weber, A., Köpf, B.: A systematic study of cache side channels across AES implementations. In: Bodden, E., Payer, M., Athanasopoulos, E. (eds.) ESSoS 2017. LNCS, vol. 10379, pp. 213–230. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-62105-0_14

    CrossRef  Google Scholar 

  52. Milicevic, M., Feng, C., Zhang, L.M., Gulak, P.G.: Quasi-cyclic multi-edge LDPC codes for long-distance quantum cryptography. NPJ Quantum Inf. 4(21), 1–9 (2018)

    Google Scholar 

  53. Mohammad, O.K.J., Abbas, S.: Detailed quantum cryptographic service and data security in cloud computing. In: Alfaries, A., Mengash, H., Yasar, A., Shakshuki, E. (eds.) ICC 2019. CCIS, vol. 1097, pp. 43–56. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36365-9_4

    CrossRef  Google Scholar 

  54. Molnar, D., Piotrowski, M., Schultz, D., Wagner, D.: The program counter security model: automatic detection and removal of control-flow side channel attacks. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 156–168. Springer, Heidelberg (2006). https://doi.org/10.1007/11734727_14

    CrossRef  MATH  Google Scholar 

  55. Neal, R.M.: Software for Low Density Parity Check Codes, Version 2012–02-11 (2012). http://www.cs.utoronto.ca/~radford/ftp/LDPC-2012-02-11/. Accessed 20 Sept 2020

  56. Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information: 10th Anniversary Edition. Cambridge University Press, New York (2011)

    MATH  Google Scholar 

  57. Notz, P., Nikiforov, O., Walther, T.: Software bundle for data post-processing in a quantum key distribution experiment. Technical report, TU Darmstadt (2020)

    Google Scholar 

  58. Ollivier, H., Zurek, W.H.: Quantum discord: a measure of the quantumness of correlations. Phys. Rev. Lett. 88(1), 017901-1–017901-4 (2002)

    Google Scholar 

  59. Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006). https://doi.org/10.1007/11605805_1

    CrossRef  Google Scholar 

  60. Page, D.: Theoretical use of cache memory as a cryptanalytic side-channel. IACR Cryptology ePrint Archive 2002(169), 1–23 (2002)

    Google Scholar 

  61. Pearson, D.: High-speed QKD reconciliation using forward error correction. In: AIP Conference Proceedings, vol. 734, no. 1, pp. 299–302 (2004)

    Google Scholar 

  62. Poddar, R., Datta, A., Rebeiro, C.: A cache trace attack on CAMELLIA. In: Joye, M., Mukhopadhyay, D., Tunstall, M. (eds.) InfoSecHiComNet 2011. LNCS, vol. 7011, pp. 144–156. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24586-2_13

    CrossRef  Google Scholar 

  63. Qi, B., Fung, C.H.F., Lo, H.K., Ma, X.: Time-shift attack in practical quantum cryptosystems. Quantum Inf. Comput. 7(1), 73–82 (2006)

    MathSciNet  MATH  Google Scholar 

  64. Rebeiro, C., Mukhopadhyay, D.: Differential cache trace attack against clefia. IACR Cryptology ePrint Archive 2010(012), 1–11 (2010)

    Google Scholar 

  65. Renner, R.: Security of quantum key distribution. Ph.D. thesis, Swiss Federal Institute of Technology Zurich (2005)

    Google Scholar 

  66. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: CCS, pp. 199–212 (2009)

    Google Scholar 

  67. Sasaki, M., et al.: Field test of quantum key distribution in the Tokyo QKD network. Opt. Express 19(11), 10387–10409 (2011)

    CrossRef  Google Scholar 

  68. Schmitt-Manderbach, T., et al.: Experimental demonstration of free-space decoy-state quantum key distribution over 144 km. Phys. Rev. Lett. 98(1), 010504-1–010504–4 (2007)

    Google Scholar 

  69. Schwarz, M., et al.: KeyDrown: eliminating software-based keystroke timing side-channel attacks. In: NDSS, pp. 1–15 (2018)

    Google Scholar 

  70. Smith, G.: On the foundations of quantitative information flow. In: de Alfaro, L. (ed.) FoSSaCS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00596-1_21

    CrossRef  Google Scholar 

  71. Spreitzer, R., Moonsamy, V., Korak, T., Mangard, S.: Systematic classification of side-channel attacks: a case study for mobile devices. IEEE Commun. Surv. Tutor. 20(1), 465–488 (2018)

    CrossRef  Google Scholar 

  72. Vest, G., et al.: Design and evaluation of a handheld quantum key distribution sender module. IEEE J. Sel. Top. Quantum Electron. 21(3), 131–137 (2015)

    CrossRef  Google Scholar 

  73. Walenta, N., et al.: A fast and versatile quantum key distribution system with hardware key distillation and wavelength multiplexing. New J. Phys. 16(013047), 1–20 (2014)

    Google Scholar 

  74. Wang, S., Wang, P., Liu, X., Zhang, D., Wu, D.: CacheD: identifying cache-based timing channels in production software. In: USENIX Security, pp. 235–252 (2017)

    Google Scholar 

  75. Weiser, S., Zankl, A., Spreitzer, R., Miller, K., Mangard, S., Sigl, G.: DATA – differential address trace analysis: finding address-based side-channels in binaries. In: USENIX Security, pp. 603–620 (2018)

    Google Scholar 

  76. Xu, F., Ma, X., Zhang, Q., Lo, H.K., Pan, J.W.: Secure quantum key distribution with realistic devices. Rev. Mod. Phys. 92(2), 025002-1–025002-60 (2020)

    Google Scholar 

  77. Yarom, Y., Falkner, K.: FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: USENIX Security, pp. 719–732 (2014)

    Google Scholar 

  78. Zhang, Q., Xu, F., Li, L., Liu, N.L., Pan, J.W.: Quantum information research in China. Quantum Sci. Technol. 4(040503), 1–7 (2019)

    Google Scholar 

Download references

Acknowledgements

Funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) - SFB 1119 - 236615297. We also gratefully acknowledge support by the German Federal Ministry of Education and Research and the Hessian Ministry of Higher Education, Research, Science and the Arts within their joint support of the National Research Center for Applied Cybersecurity ATHENE. We thank the reviewers and Boris Köpf for their helpful comments, Tim Weißmantel for his implementation contributions, and the authors of CacheAudit for making the tool publicly available.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Alexandra Weber .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Weber, A. et al. (2021). Cache-Side-Channel Quantification and Mitigation for Quantum Cryptography. In: Bertino, E., Shulman, H., Waidner, M. (eds) Computer Security – ESORICS 2021. ESORICS 2021. Lecture Notes in Computer Science(), vol 12973. Springer, Cham. https://doi.org/10.1007/978-3-030-88428-4_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-88428-4_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-88427-7

  • Online ISBN: 978-3-030-88428-4

  • eBook Packages: Computer ScienceComputer Science (R0)