Paper 2023/1220
Securing Lattice-Based KEMs with Code-Based Masking: A Theoretical Approach
Abstract
The recent technological advances in Post-Quantum Cryptography (PQC) raise the question of how to build robust implementations of new asymmetric cryptographic primitives in today's technology. This is the case for the lattice-based Module Lattice-Key Encapsulation Mechanism (ML-KEM) algorithm, which NIST proposes as the first Key Encapsulation Mechanism (KEM) standard, taking inspiration from CRYSTALS-Kyber. We notably have to make sure the ML-KEM implementation is resilient against physical attacks such as Side-Channel Analysis (SCA) and Fault Injection Attacks (FIA). To reach this goal, we propose to adapt a masking countermeasure, more precisely the generic Direct Sum Masking (DSM) method. Taking inspiration from a previous paper on AES, we extend the method to finite fields of prime characteristic other than 2 and to even-length codes. We also investigate its application to Keccak, the hash function used in ML-KEM. We propose masked conversions and use cost amortization to perform this hash. We provide the first masked implementation of ML-KEM with both SCA and FIA resilience that is capable of correcting errors. Our FIA resilience allows for fault correction even within the multiplicative gadget. Finally, we adapt a polynomial evaluation method to compute masked polynomials with public coefficients over finite fields of characteristic different from 2.
Note: Revision 2: Added conversion between different code-based maskings and thus a new performance comparison.
Metadata
- Available format(s): PDF
- Publication info
- Preprint.
- Keywords: Post-Quantum Cryptography, ML-KEM, Side Channel Analysis, Fault Injection Attack, Code Based Masking, Conversion
- Contact author(s): berthet @ telecom-paris fr; yoan rougeolle @ hensoldt net; cedric tavernier @ hensoldt net; jean-luc danger @ telecom-paris fr; laurent sauvage @ telecom-paris fr
- History
- 2024-05-26: last of 2 revisions
- 2023-08-11: received
- Short URL
- https://ia.cr/2023/1220
- License: CC BY
BibTeX
@misc{cryptoeprint:2023/1220,
  author = {Pierre-Augustin Berthet and Yoan Rougeolle and Cédric Tavernier and Jean-Luc Danger and Laurent Sauvage},
  title = {Securing Lattice-Based {KEMs} with Code-Based Masking: A Theoretical Approach},
  howpublished = {Cryptology ePrint Archive, Paper 2023/1220},
  year = {2023},
  note = {\url{https://eprint.iacr.org/2023/1220}},
  url = {https://eprint.iacr.org/2023/1220}
}