Paper 2023/1084

A Side-Channel Attack on a Masked Hardware Implementation of CRYSTALS-Kyber

Yanning Ji, KTH Royal Institute of Technology
Elena Dubrova, KTH Royal Institute of Technology
Abstract

NIST has recently selected CRYSTALS-Kyber as a new public key encryption and key establishment algorithm to be standardized. This makes it important to evaluate the resistance of CRYSTALS-Kyber implementations to side-channel attacks. Software implementations of CRYSTALS-Kyber have already been thoroughly analysed. The discovered vulnerabilities helped improve the subsequently released versions and promoted stronger countermeasures against side-channel attacks. In this paper, we present the first attack on a protected hardware implementation of CRYSTALS-Kyber. We demonstrate a practical message (shared key) recovery attack on the first-order masked FPGA implementation of Kyber-512 by Kamucheka et al. (2022) using power analysis based on the Hamming distance leakage model. The presented attack exploits a vulnerability located in the masked message decoding procedure which is called during the decryption step of the decapsulation. The message recovery is performed using a profiled deep learning-based method which extracts the message directly, without extracting each share explicitly. By repeating the same decapsulation process multiple times, it is possible to increase the success rate of full shared key recovery to 99%.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
public key cryptographypost-quantum cryptographyCRYSTALS-KyberLWE/LWR-based KEMside-channel attackdeep learning
Contact author(s)
yanning @ kth se
dubrova @ kth se
History
2023-07-16: approved
2023-07-12: received
See all versions
Short URL
https://ia.cr/2023/1084
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1084,
      author = {Yanning Ji and Elena Dubrova},
      title = {A Side-Channel Attack on a Masked Hardware Implementation of {CRYSTALS}-Kyber},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1084},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1084}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.