Paper 2025/679

Efficient SPA Countermeasures using Redundant Number Representation with Application to ML-KEM

Rishub Nagpal, Graz University of Technology
Vedad Hadžić, Intel (United States)
Robert Primas, Intel (United States)
Stefan Mangard, Graz University of Technology
Abstract

Simple power analysis (SPA) attacks and their extensions, profiled and soft-analytical side-channel attacks (SASCA), represent a significant threat to the security of cryptographic devices and remain among the most powerful classes of passive side-channel attacks. In this work, we analyze how numeric representations of secrets can affect the amount of exploitable information leakage available to the adversary. We present an analysis of how mutual information changes as a result of the integer ring size relative to the machine word-size. Furthermore, we study the Redundant Number Representation (RNR) countermeasure and show that its application to ML-KEM can resist the most powerful SASCA attacks and provides a low-cost alternative to shuffling. We evaluate the performance of RNR-ML-KEM with both simulated and practical SASCA experiments on the ARM Cortex-M4 based on a worst-case attack methodology. We show that RNR-ML-KEM sufficiently renders these attacks ineffective. Finally, we evaluate the performance of the RNR-ML-KEM NTT and INTT and show that SPA security can be achieved with a 62.8% overhead for the NTT and 0% overhead for the INTT relative to the ARM Cortex-M4 reference implementation used.
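The following is an added, self-contained illustration of the two ideas the abstract names; it is not code from the paper or its authors. It stores a value a in Z_q as one of several representatives a + k*q that fit the machine word, and it computes exactly the mutual information between a uniform secret coefficient and a leak of the stored word, for the canonical representation (one representative) versus redundant ones. Assumptions of this example: the redundant form a + k*q with k uniform over a fixed range, a noise-free Hamming-weight leakage model, and a 16-bit word, chosen so that every (a, k) pair can be enumerated (the paper's target, the Cortex-M4, has 32-bit words). All function names are this example's own; only q = 3329 comes from ML-KEM.

```python
"""Mutual information between a Z_q secret and a Hamming-weight leak,
for the canonical representation versus redundant a + k*q representatives."""
from collections import Counter, defaultdict
from math import log2

Q = 3329          # ML-KEM modulus; the only ML-KEM-specific value used here
WORD_BITS = 16    # assumed word size for exhaustive enumeration (Cortex-M4 words are 32-bit)


def hamming_weight(x: int) -> int:
    """Noise-free Hamming-weight leakage model (an assumption of this example)."""
    return bin(x).count("1")


def to_redundant(a: int, k: int, q: int = Q, word_bits: int = WORD_BITS) -> int:
    """Return the k-th redundant representative a + k*q, checked to fit the word."""
    if not 0 <= a < q:
        raise ValueError("a must be a canonical residue in [0, q)")
    w = a + k * q
    if w >= (1 << word_bits):
        raise ValueError("representative does not fit the machine word")
    return w


def from_redundant(w: int, q: int = Q) -> int:
    """Canonical value of any representative: a single reduction mod q.
    Ring arithmetic on representatives stays correct because (w1 + w2) mod q
    equals (a1 + a2) mod q whatever k1, k2 were used."""
    return w % q


def entropy_bits(counts: Counter) -> float:
    """Shannon entropy (bits) of an empirical distribution given as counts."""
    total = sum(counts.values())
    return -sum(c / total * log2(c / total) for c in counts.values())


def leakage_mi(num_reps: int, q: int = Q, word_bits: int = WORD_BITS) -> float:
    """I(A; L) in bits, where A is uniform over Z_q, the stored word is
    a + k*q with k uniform over [0, num_reps), and L = hamming_weight(word).
    num_reps == 1 is the canonical representation, where L is a function of A
    and I(A; L) = H(L); with more representatives H(L | A) > 0 and I(A; L) drops."""
    if (num_reps - 1) * q + (q - 1) >= (1 << word_bits):
        raise ValueError("num_reps representatives do not fit the word")
    marginal = Counter()                 # counts for P(L)
    per_secret = defaultdict(Counter)    # counts for P(L | A = a)
    for a in range(q):
        for k in range(num_reps):
            leak = hamming_weight(to_redundant(a, k, q, word_bits))
            marginal[leak] += 1
            per_secret[a][leak] += 1
    h_l = entropy_bits(marginal)
    # A is uniform, so H(L | A) is the plain average of the per-a entropies.
    h_l_given_a = sum(entropy_bits(c) for c in per_secret.values()) / q
    return h_l - h_l_given_a


if __name__ == "__main__":
    for reps in (1, 2, 4, 8, 16):
        print(f"{reps:2d} representative(s): I(A; HW) = {leakage_mi(reps):.3f} bits")
```

Running the module prints how the leaked information about one coefficient falls as the number of representatives grows within the 16-bit word; the same routine with a different `q` shows the abstract's point that the ring size relative to the word size decides how much redundancy is available.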

Note: Accepted at SAC2025

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
ML-KEM, SASCA, Power Analysis, Countermeasures
Contact author(s)
rishub nagpal @ tugraz at
vedad hadzic @ intel com
robert primas @ intel com
stefan mangard @ tugraz at
History
2025-04-16: approved
2025-04-15: received
Short URL
https://ia.cr/2025/679
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/679,
      author = {Rishub Nagpal and Vedad Hadžić and Robert Primas and Stefan Mangard},
      title = {Efficient {SPA} Countermeasures using Redundant Number Representation with Application to {ML}-{KEM}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/679},
      year = {2025},
      url = {https://eprint.iacr.org/2025/679}
}