Will You Cross the Threshold for Me?

In this work, we propose generic and novel side-channel assisted chosenciphertext attacks on NTRU-based key encapsulation mechanisms (KEMs). These KEMs are IND-CCA secure, that is, they secure in the chosen-ciphertext model. Our involve construction of malformed ciphertexts. When decapsulated by target device, these ciphertexts ensure a targeted intermediate variable becomes very closely related to secret key. An attacker, who can obtain information about secret-dependent through side-channels, subsequently recover full We several CCAs which be carried using leakage from decapsulation procedure. The instantiate three different types oracles, namely plaintext-checking oracle, decryptionfailure full-decryption applicable two schemes, NTRU Prime. schemes candidates ongoing NIST standardization process for post-quantum cryptography. perform experimental validation optimized unprotected implementations taken open-source pqm4 library, EM-based 32-bit ARM Cortex-M4 microcontroller. All our proposed capable recovering only few thousand chosen ciphertext queries all parameter sets attacks, therefore, stress need concrete protection strategies NTRUbased KEMs.