Horizontal Correlation Analysis without Precise Location on Schoolbook Polynomial Multiplication of Lattice-based Cryptosystem

Most cryptographic systems are secure in theory; however, the implementation of cryptographic system on embedded devices can be attacked by analyzing the power consumption of specific operation to reveal the key. The classic vertical correlation power analysis (CPA) attack requires a large number of power traces for analysis. Using transient secret-key scheme significantly weakens such an attack as insufficient data could be obtained. On the other hand, the horizontal CPA requires at least a single power trace and can make full use of multiple intermediate values to analyze the correlation of power consumption. In this work, we devised a horizontal CPA attack on schoolbook polynomial multiplication of hardware-implemented lattice-based cryptosystem without precise location. The accuracy of correctly recovering any one sub secret-key using only a single trace is 99.90%, and the accuracy of correctly recovering the secret-key is 76.41%. The powerful attack capability of horizontal CPA exposes the vulnerability of unprotected schoolbook polynomial multiplication against the attack of side-channel analysis (SCA).