Cryptology ePrint Archive: Report 2022/058

First-Order Masked Kyber on ARM Cortex-M4

Daniel Heinz and Matthias J. Kannwischer and Georg Land and Thomas Pöppelmann and Peter Schwabe and Daan Sprenkels

Abstract: In this work, we present a fast and first-order secure Kyber implementation optimized for ARM Cortex-M4. Most notably, to our knowledge this is the first liberally-licensed open-source Cortex-M4 implementation of masked Kyber. The ongoing NIST standardization process for post-quantum cryptography and newly proposed side-channel attacks have increased the demand for side-channel analysis and countermeasures for the finalists. On the foundation of the commonly used PQM4 project, we make use of the previously presented optimizations for Kyber on a Cortex-M4 and further combine different ideas from various recent works to achieve a better performance and improve the security in comparison to the original implementations. We show our performance results for first-order secure implementations. Our masked Kyber768 decapsulation on the ARM Cortex-M4 requires only 2 978 441 cycles, including randomness generation from the internal RNG. We then practically verify our implementation by using the t-test methodology with 100 000 traces.

Category / Keywords: implementation / Lattice Based Cryptography, Kyber, Side-Channel Analysis, ARM Cortex-M4

Date: received 17 Jan 2022

Contact author: daniel heinz at unibw de, thomas poeppelmann at infineon com, matthias at kannwischer eu, georg land at ruhr-uni-bochum de, peter at cryptojedi org, daan at dsprenkels com

Available format(s): PDF | BibTeX Citation

Version: 20220118:161815 (All versions of this report)

Short URL: ia.cr/2022/058


[ Cryptology ePrint archive ]