Implementation Vulnerability Analysis: A case study on ChaCha of SPHINCS

Deployment of Post Quantum Cryptography(PQC) primitives ensures forward secrecy for today’s communication against tomorrow’s quantum adversary. However, these primitives have to be realized in conventional hardware, which may be vulnerable to side-channel attacks. Therefore, vulnerability analysis of these primitives is essential before deployment. In this paper, a NIST favoured digital signature primitive- SPHINCS is taken for analysis. ChaCha and BLAKE are ciphers that form the building blocks of SPHINCS. These ciphers are based on Addition, Rotation, and XOR(ARX) operations. The literature review has shown ARX ciphers to be vulnerable against implementation attacks. In this work, an effective countermeasure for the aforementioned building blocks is explored. This is achieved through the following: Parallel Prefix Adders are taken for addition operation in these ciphers instead of the native adder in Electronic Design Automation(EDA) tools. Distinct profiles are created which include the cipher using a particular adder with its best-suited implementation style. An optimized version of Threshold Implementation(TI) is adopted on the profiles as a countermeasure for the attacks on the unprotected implementations. Finally, we evaluate the protected profiles’ resistance using Test Vector Leakage Assessment(TVLA) and Deep learning techniques. Such an analysis that follows a generic framework will be straightforward to automate. We believe this will serve to be useful for standardization of Threshold Schemes.