Paper 2022/1713
Breaking a Fifth-Order Masked Implementation of CRYSTALS-Kyber by Copy-Paste
, Royal Institute of Technology, Royal Institute of TechnologyAbstract
CRYSTALS-Kyber has been selected by the NIST as a public-key encryption and key encapsulation mechanism to be standardized. It is also included in the NSA's suite of cryptographic algorithms recommended for national security systems. This makes it important to evaluate the resistance of CRYSTALS-Kyber's implementations to side-channel attacks. The unprotected and first-order masked software implementations have been already analysed. In this paper, we present deep learning-based message recovery attacks on the $\omega$-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU for $\omega \leq 5$. The main contribution is a new neural network training method called recursive learning. In the attack on an $\omega$-order masked implementation, we start training from an artificially constructed neural network $M^{\omega}$ whose weights are partly copied from a model $M^{\omega-1}$ trained on the $(\omega-1)$-order masked implementation, and then extended to one more share. Such a method allows us to train neural networks that can recover a message bit with the probability above 99% from high-order masked implementations.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Preprint.
- Keywords
- Post-quantum cryptography CRYSTALS-Kyber side-channel attack masking
- Contact author(s)
-
dubrova @ kth se
kngo @ kth se
jgartner @ kth se - History
- 2022-12-13: approved
- 2022-12-10: received
- See all versions
- Short URL
- https://ia.cr/2022/1713
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/1713,
author = {Elena Dubrova and Kalle Ngo and Joel Gärtner},
title = {Breaking a Fifth-Order Masked Implementation of {CRYSTALS}-Kyber by Copy-Paste},
howpublished = {Cryptology {ePrint} Archive, Paper 2022/1713},
year = {2022},
url = {https://eprint.iacr.org/2022/1713}
}
