Paper 2023/1952

Overview and Discussion of Attacks on CRYSTALS-Kyber

Abstract

This paper reviews common attacks in classical cryptography and plausible attacks in the post-quantum era targeted at CRYSTALS-Kyber. Kyber is a recently standardized post-quantum cryptography scheme that relies on the hardness of lattice problems. Although it has undergone rigorous testing by the National Institute of Standards and Technology (NIST), there have recently been studies that have successfully executed attacks against Kyber while showing their applicability outside of controlled settings. The attacks discussed in the paper include common attacks, side-channel attacks, SCA-assisted CCA, and fault injections. In the common attacks section, attacks on symmetric primitives, multi-target attacks, and attacks exploiting decryption failures can all be deemed inviable, while recent data on attacks on module-LWE questions Kyber's security level. In the side-channel attacks section, timing attacks are proven useless due to the constant-time nature of Kyber, but SASCA attacks are still viable, though easily defended against with minimal drawbacks. Attacks targeting message encoding and attacks using deep learning, however, both prove effective, even with high-order masking. LDPC has also been proposed as a new framework for attack, proving itself potent with room for growth. In the SCA-assisted CCA section, EM attacks and CPA attacks have also both shown potential while remaining difficult to defend against. In the fault injection section, Roulette and error-tolerant key recovery have both recently been proposed, with data demonstrating their effectiveness and difficulty to defend against. This paper aims to provide future researchers insight into what areas should be focused on to strengthen current as well as future cryptosystems.