3553x's Blog About Cryptography, Security and Other Things

FHE systems allow for computations to be evaluated on encrypted ciphertexts. Some of these systems support batching, i.e. the packing of multiple plaintext values into a single ciphertext. One example for such as scheme is CKKS. This post explains how a vector of plaintext values can be homomorphically rotated in the CKKS FHE cryptosystem.

Encryption algorithms which for a given key always map the same message to the same ciphertext (i.e. deterministic, stateless algorithms) are not IND-CPA secure. This is typically taught in introductory level courses on cryptography, however I noticed that some students seem to be confused about this and every now and then a question about this pops up on online discussion forums. Hence, I have written this blogpost in hopes of clearing things up.

This post is about how I attempted to implement Paul Kocher’s well known Differential Power Analysis (DPA) attack by attacking AES128. The attack didn’t work out initially and I had to use my creativity to rediscover a variation of the attack, namely Multi-Bit DPA, which has already been known for years. Ultimately, I managed to implement a DPA attack that can recover the encryption key with nothing but the ciphertext, power traces of the encryption device and a few hours of time.