Paper 2023/1042
A Side-Channel Attack on a Bitsliced Higher-Order Masked CRYSTALS-Kyber Implementation
Abstract
In response to side-channel attacks on masked implementations of post-quantum cryptographic algorithms, a new bitsliced higher-order masked implementation of CRYSTALS-Kyber was presented at CHES'2022. Bitsliced implementations are typically more difficult to break by side-channel analysis because they execute a single instruction across multiple bits in parallel. However, in this paper, we reveal new vulnerabilities in the masked Boolean-to-arithmetic conversion procedure of this implementation that make shared and secret key recovery possible. We also present a new chosen-ciphertext construction method which maximizes the secret key recovery probability for a given message bit recovery probability. We demonstrate practical shared and secret key recovery attacks on the first-, second- and third-order masked implementations of Kyber-768 on an ARM Cortex-M4 using profiled deep learning-based power analysis.
Metadata
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- Public-key cryptography, Post-quantum cryptography, Kyber, LWE/LWR-based KEM, Side-channel attack
- Contact author(s)
- ruize @ kth se
- brisfors @ kth se
- dubrova @ kth se
- History
- 2023-07-05: approved
- 2023-07-04: received
- Short URL
- https://ia.cr/2023/1042
- License
- CC BY
BibTeX
@misc{cryptoeprint:2023/1042,
  author = {Ruize Wang and Martin Brisfors and Elena Dubrova},
  title = {A Side-Channel Attack on a Bitsliced Higher-Order Masked {CRYSTALS}-Kyber Implementation},
  howpublished = {Cryptology {ePrint} Archive, Paper 2023/1042},
  year = {2023},
  url = {https://eprint.iacr.org/2023/1042}
}