Paper 2023/1587

A Single-Trace Message Recovery Attack on a Masked and Shuffled Implementation of CRYSTALS-Kyber

Sönke Jendral, KTH Royal Institute of Technology
Kalle Ngo, KTH Royal Institute of Technology
Ruize Wang, KTH Royal Institute of Technology
Elena Dubrova, KTH Royal Institute of Technology
Abstract

Last year CRYSTALS-Kyber was chosen by NIST as a new, post-quantum secure key encapsulation mechanism to be standardized. This makes it important to assess the resistance of CRYSTALS-Kyber implementations to physical attacks. Pure side-channel attacks on post-quantum cryptographic algorithms have already been well-explored. In this paper, we present an attack on a masked and shuffled software implementation of CRYSTALS-Kyber that combines fault injection with side-channel analysis. First, a voltage fault injection is performed to bypass the shuffling. We found settings that consistently glitch the desired instructions without crashing the device. After the successful fault injection, a deep learning-assisted profiled power analysis based on the Hamming weight leakage model is used to recover the message (shared key). We propose a partial key enumeration method that allows us to significantly increase the success rate of message recovery (from 0.122 without enumeration to 0.887 with 32 enumerated bits).

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. 2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
DOI
10.1109/HOST55342.2024.10545390
Keywords
Fault injectionSide-channel attackCRYSTALS-KyberML-KEMPost-quantum cryptography
Contact author(s)
jendral @ kth se
kngo @ kth se
ruize @ kth se
dubrova @ kth se
History
2024-11-12: revised
2023-10-13: received
See all versions
Short URL
https://ia.cr/2023/1587
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1587,
      author = {Sönke Jendral and Kalle Ngo and Ruize Wang and Elena Dubrova},
      title = {A Single-Trace Message Recovery Attack on a Masked and Shuffled Implementation of {CRYSTALS}-Kyber},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1587},
      year = {2023},
      doi = {10.1109/HOST55342.2024.10545390},
      url = {https://eprint.iacr.org/2023/1587}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.