Paper 2022/058
First-Order Masked Kyber on ARM Cortex-M4
Abstract
In this work, we present a fast and first-order secure Kyber implementation optimized for ARM Cortex-M4. Most notably, to our knowledge this is the first liberally-licensed open-source Cortex-M4 implementation of masked Kyber. The ongoing NIST standardization process for post-quantum cryptography and newly proposed side-channel attacks have increased the demand for side-channel analysis and countermeasures for the finalists. On the foundation of the commonly used PQM4 project, we make use of the previously presented optimizations for Kyber on a Cortex-M4 and further combine different ideas from various recent works to achieve a better performance and improve the security in comparison to the original implementations. We show our performance results for first-order secure implementations. Our masked Kyber768 decapsulation on the ARM Cortex-M4 requires only 2 978 441 cycles, including randomness generation from the internal RNG. We then practically verify our implementation by using the t-test methodology with 100 000 traces.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- Preprint.
- Keywords
- Lattice Based CryptographyKyberSide-Channel AnalysisARM Cortex-M4
- Contact author(s)
-
daniel heinz @ unibw de
matthias @ kannwischer eu
georg land @ ruhr-uni-bochum de
thomas poeppelmann @ infineon com
peter @ cryptojedi org
amber @ electricdusk com - History
- 2023-12-11: revised
- 2022-01-18: received
- See all versions
- Short URL
- https://ia.cr/2022/058
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/058,
author = {Daniel Heinz and Matthias J. Kannwischer and Georg Land and Thomas Pöppelmann and Peter Schwabe and Amber Sprenkels},
title = {First-Order Masked Kyber on {ARM} Cortex-M4},
howpublished = {Cryptology {ePrint} Archive, Paper 2022/058},
year = {2022},
url = {https://eprint.iacr.org/2022/058}
}
