Paper 2021/101

Combined Fault and DPA Protection for Lattice-Based Cryptography

Daniel Heinz and Thomas Pöppelmann


The progress on constructing quantum computers and the ongoing standardization of post-quantum cryptography (PQC) have led to the development and refinement of promising new digital signature schemes and key encapsulation mechanisms (KEM). Especially lattice-based schemes have gained some popularity in the research community, presumably due to acceptable key, ciphertext, and signature sizes as well as good performance results and cryptographic strength. However, in some practical applications like smart cards, it is also crucial to secure cryptographic implementations against side-channel and fault attacks. In this work, we analyze the so-called redundant number representation (RNR) that can be used to counter side-channel attacks. We show how to avoid security issues with the RNR due to unexpected de-randomization and we apply it to the Kyber KEM and show that the RNR has a very low overhead. We then verify the RNR methodology by practical experiments, using the non-specific t-test methodology and the ChipWhisperer platform. Furthermore, we present a novel countermeasure against fault attacks based on the Chinese remainder theorem (CRT). On an ARM Cortex-M4, our implementation of the RNR and fault countermeasure offers better performance than masking and redundant calculation. Our methods thus have the potential to expand the toolbox of a defender implementing lattice-based cryptography with protection against two common physical attacks.

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
Lattice-Based CryptographyModule-LWEKyberSide-Channel AttacksARM Cortex-M
Contact author(s)
Daniel Heinz @ unibw de
Thomas Poeppelmann @ infineon com
2021-02-25: last of 4 revisions
2021-01-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Daniel Heinz and Thomas Pöppelmann},
      title = {Combined Fault and DPA Protection for Lattice-Based Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2021/101},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.