Paper 2022/1452

A Side-Channel Attack on a Hardware Implementation of CRYSTALS-Kyber

Yanning Ji, KTH Royal Institute of Technology
Ruize Wang, KTH Royal Institute of Technology
Kalle Ngo, KTH Royal Institute of Technology
Elena Dubrova, KTH Royal Institute of Technology
Linus Backlund, KTH Royal Institute of Technology

CRYSTALS-Kyber has been recently selected by the NIST as a new public-key encryption and key-establishment algorithm to be standardized. This makes it important to assess how well CRYSTALS-Kyber implementations withstand side-channel attacks. Software implementations of CRYSTALS-Kyber have been already analyzed and the discovered vulnerabilities were patched in the subsequently released versions. In this paper, we present a profiling side-channel attack on a hardware implementation of CRYSTALS-Kyber with the security parameter $k = 3$, Kyber768. Since hardware implementations carry out computation in parallel, they are typically more difficult to break than their software counterparts. We demonstrate a successful message (session key) recovery by deep learning-based power analysis. Our results indicate that currently available hardware implementations of CRYSTALS-Kyber need better protection against side-channel attacks.

Available format(s)
Attacks and cryptanalysis
Publication info
post-quantum cryptography CRYSTALS-Kyber LWE-based KEM side-channel attack FPGA power analysis deep learning
Contact author(s)
yanning @ kth se
ruize @ kth se
kngo @ kth se
dubrova @ kth se
lbackl @ kth se
2022-10-25: approved
2022-10-24: received
See all versions
Short URL
Creative Commons Attribution


      author = {Yanning Ji and Ruize Wang and Kalle Ngo and Elena Dubrova and Linus Backlund},
      title = {A Side-Channel Attack on a Hardware Implementation of CRYSTALS-Kyber},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1452},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.