Paper 2024/2051
Simple Power Analysis assisted Chosen Cipher-Text Attack on ML-KEM
Abstract
Recent work by Bernstein et al. (ePrint 2024) identified two timing attacks, KyberSlash1 and KyberSlash2, targeting the ML-KEM decryption and encryption algorithms respectively and enabling efficient recovery of secret keys. To mitigate these vulnerabilities, fixes were promptly applied across implementations. In this paper, we demonstrate a very simple power-analysis-assisted chosen-ciphertext attack on the patched implementations of ML-KEM. Our results show that the original timing leakage is shifted to a power-consumption leakage that can be exploited on specific data. We validated this attack in practice on both the standard and a shuffled implementation of ML-KEM on a Cortex-M4 platform, confirming its effectiveness. Our approach recovers the ML-KEM secret key in just 30 seconds for the standard implementation and in approximately 3 hours for the shuffled implementation, with a 100% success rate in both cases.
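The abstract does not reproduce the code the attack targets. As an added illustration, not code from the paper or from the ML-KEM reference implementation, the block below shows the division-based compression that KyberSlash1 (1-bit compression in decryption) and KyberSlash2 (4-bit compression in encryption) exploited, next to the branch-free multiply-and-shift replacement that the patched implementations use, and checks exhaustively that the two agree on every centered coefficient. The constants 1665 and 80635 are the reference fix's as I recall them (an assumption; the exhaustive check in the block is what establishes their correctness here). The paper's contribution, a power-consumption leakage of the patched path on specific data, is not something this block can show; it only makes concrete which computation is now division-free yet still processes attacker-chosen ciphertext coefficients.

```c
#include <stdint.h>
#include <stdio.h>

#define KYBER_Q 3329

/* Map a centered coefficient c, with -q < c < q, to its representative in [0, q-1].
 * This is the same sign-mask trick the reference implementation uses. */
static uint16_t to_positive(int16_t c) {
    uint16_t t = (uint16_t)c;
    t += ((int16_t)t >> 15) & KYBER_Q;   /* adds q only when c is negative */
    return t;
}

/* KyberSlash1 shape: 1-bit compression used when recovering the message in
 * decryption.  The '/' by q is compiled to a division whose latency depends on
 * the operand on several targets, so the secret-dependent input leaks through time. */
static uint8_t tomsg_bit_division(int16_t c) {
    uint32_t t = to_positive(c);
    return (uint8_t)((((t << 1) + KYBER_Q / 2) / KYBER_Q) & 1);
}

/* Patched 1-bit compression: the division is replaced by a fixed multiply and shift.
 * Constants 1665 / 80635 / 28 are assumed to be those of the reference fix. */
static uint8_t tomsg_bit_patched(int16_t c) {
    uint32_t t = to_positive(c);
    t <<= 1;
    t += 1665;
    t *= 80635;   /* max (2*3328 + 1665) * 80635 < 2^32, no wrap here */
    t >>= 28;
    return (uint8_t)(t & 1);
}

/* KyberSlash2 shape: 4-bit compression of the ciphertext in encryption
 * (d = 4 as used by ML-KEM-512/768), again with a variable-time division. */
static uint8_t compress4_division(int16_t c) {
    uint32_t t = to_positive(c);
    return (uint8_t)((((t << 4) + KYBER_Q / 2) / KYBER_Q) & 15);
}

/* Patched 4-bit compression.  The product can exceed 2^32 for large t; the
 * unsigned wrap subtracts exactly 16 * 2^28, i.e. 16 from the quotient, which
 * the final '& 15' discards, so the wrap is harmless (verified exhaustively below). */
static uint8_t compress4_patched(int16_t c) {
    uint32_t t = to_positive(c);
    t <<= 4;
    t += 1665;
    t *= 80635;
    t >>= 28;
    return (uint8_t)(t & 15);
}

/* Exhaustive equivalence check over every centered coefficient -q < c < q.
 * Returns 1 if both patched routines agree with the division-based originals
 * on every input, else 0. */
int patched_matches_division(void) {
    for (int c = -(KYBER_Q - 1); c <= KYBER_Q - 1; c++) {
        if (tomsg_bit_division((int16_t)c) != tomsg_bit_patched((int16_t)c)) return 0;
        if (compress4_division((int16_t)c) != compress4_patched((int16_t)c)) return 0;
    }
    return 1;
}

/* Number of representatives in [0, q-1] that the 1-bit map sends to 1:
 * exactly those t with q/4 <= t < 3q/4, i.e. 833..2496. */
int count_tomsg_ones(void) {
    int n = 0;
    for (int t = 0; t < KYBER_Q; t++) n += tomsg_bit_patched((int16_t)t);
    return n;
}

int main(void) {
    printf("patched == division on all coefficients: %s\n",
           patched_matches_division() ? "yes" : "no");
    printf("1-bit map around the rounding boundary: t=832 -> %u, t=833 -> %u\n",
           tomsg_bit_patched(832), tomsg_bit_patched(833));
    printf("coefficients mapped to 1: %d of %d\n", count_tomsg_ones(), KYBER_Q);
    return 0;
}
```

The exhaustive loop is the useful part: it is how one convinces oneself that a constant-time replacement is a drop-in for the original before shipping it, and it also makes visible that the patched path, although free of data-dependent control flow and division, still computes a rounding decision whose operands are chosen by whoever supplies the ciphertext.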
Metadata
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- ML-KEM, Kyber, Lattice-based cryptography, Post-quantum cryptography, Side-channel attacks, Simple power analysis
- Contact author(s)
- alexandre berzati @ thalesgroup com
- andersson calle-viera @ thalesgroup com
- maya saab-chartouni @ thalesgroup com
- david vigilant @ thalesgroup com
- History
- 2024-12-19: approved
- 2024-12-19: received
- Short URL
- https://ia.cr/2024/2051
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/2051,
  author = {Alexandre Berzati and Andersson Calle Viera and Maya Chartouny and David Vigilant},
  title = {Simple Power Analysis assisted Chosen Cipher-Text Attack on {ML}-{KEM}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/2051},
  year = {2024},
  url = {https://eprint.iacr.org/2024/2051}
}