Paper 2023/1587
A Single-Trace Message Recovery Attack on a Masked and Shuffled Implementation of CRYSTALS-Kyber
Abstract
Last year CRYSTALS-Kyber was chosen by NIST as a new, post-quantum secure key encapsulation mechanism to be standardized. This makes it important to assess the resistance of CRYSTALS-Kyber implementations to physical attacks. Pure side-channel attacks on post-quantum cryptographic algorithms have already been well-explored. In this paper, we present an attack on a masked and shuffled software implementation of CRYSTALS-Kyber that combines fault injection with side-channel analysis. First, a voltage fault injection is performed to bypass the shuffling. We found settings that consistently glitch the desired instructions without crashing the device. After the successful fault injection, a deep learning-assisted profiled power analysis based on the Hamming weight leakage model is used to recover the message (shared key). We propose a partial key enumeration method that allows us to significantly increase the success rate of message recovery (from 0.122 without enumeration to 0.887 with 32 enumerated bits).
Metadata
- Category
- Attacks and cryptanalysis
- Publication info
- Published elsewhere. 2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
- DOI
- 10.1109/HOST55342.2024.10545390
- Keywords
- Fault injection, Side-channel attack, CRYSTALS-Kyber, ML-KEM, Post-quantum cryptography
- Contact author(s)
- jendral @ kth se
- kngo @ kth se
- ruize @ kth se
- dubrova @ kth se
- History
- 2024-11-12: revised
- 2023-10-13: received
- Short URL
- https://ia.cr/2023/1587
- License
- CC BY
BibTeX
@misc{cryptoeprint:2023/1587,
  author = {Sönke Jendral and Kalle Ngo and Ruize Wang and Elena Dubrova},
  title = {A Single-Trace Message Recovery Attack on a Masked and Shuffled Implementation of {CRYSTALS}-Kyber},
  howpublished = {Cryptology {ePrint} Archive, Paper 2023/1587},
  year = {2023},
  doi = {10.1109/HOST55342.2024.10545390},
  url = {https://eprint.iacr.org/2023/1587}
}