STAMP-Single Trace Attack on M-LWE Pointwise Multiplication in Kyber

Bolin Yang; Prasanna Ravi; Fan Zhang; Ao Shen; Shivam Bhasin

Paper 2023/1184

STAMP-Single Trace Attack on M-LWE Pointwise Multiplication in Kyber

Bolin Yang, Zhejiang University

Prasanna Ravi, Nanyang Technological University

Fan Zhang, Zhejiang University

Ao Shen, Zhejiang University

Shivam Bhasin, Nanyang Technological University

Abstract

In this work, we propose a novel single-trace key recovery attack targeting side-channel leakage from the key-generation and encryption procedure of Kyber KEM. Our attack exploits the inherent nature of the Module-Learning With Errors (Module-LWE) problem used in Kyber KEM. We demonstrate that the inherent reliance of Kyber KEM on the Module-LWE problem results in higher number of repeated and secret key-related computations, referred to as STAMPs appearing on a single side channel trace, compared to the Ring-LWE problem of similar security level. We exploit leakage from the pointwise multiplication operation and take advantage of the properties of the Module-LWE instance to enable a potential single trace key recovery attack. We validated the efficacy of our attack on both simulated and real traces, and we performed experiments on both the reference and assembly optimized implementation of Kyber KEM, taken from the pqm4 library, a well-known benchmarking and testing framework for PQC schemes on the ARM Cortex-M4 microcontroller. We also analyze the applicability of our attack on countermeasures against traditional SCA such as masking and shuffling. We believe our work motivates more research towards SCA resistant implementation of key-generation and encryption procedure for Kyber KEM.

Note: unmarked and notanonymous version

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Preprint.
Keywords: Kyber Side-Channel Attack Single-Trace Attack Post Quantum Cryptography
Contact author(s): yangbolin @ zju edu cn
prasanna ravi @ ntu edu sg
fanzhang @ zju edu cn
aoshen @ zju edu cn
sbhasin @ ntu edu sg
History: 2023-10-19: last of 3 revisions; 2023-08-03: received; See all versions
Short URL: https://ia.cr/2023/1184
License: CC BY

BibTeX

@misc{cryptoeprint:2023/1184,
      author = {Bolin Yang and Prasanna Ravi and Fan Zhang and Ao Shen and Shivam Bhasin},
      title = {STAMP-Single Trace Attack on M-LWE Pointwise Multiplication in Kyber},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1184},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1184}},
      url = {https://eprint.iacr.org/2023/1184}
}