Skip to main content
SpringerLink
Log in

In-depth Analysis of Side-Channel Countermeasures for CRYSTALS-Kyber Message Encoding on ARM Cortex-M4

  • Conference paper
  • First Online:
Smart Card Research and Advanced Applications (CARDIS 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13173))

Abstract

A variety of post-quantum cryptographic schemes are currently undergoing standardization in the National Institute of Standards and Technology’s post-quantum cryptography standardization process. It is well known from classical cryptography that actual implementations of cryptographic schemes can be attacked by exploiting side-channels, e.g. timing behavior, power consumption or emanation in the electromagnetic field. Although several of the reference implementations currently in the third and final standardization round are – to some extent – implemented in a timing-constant fashion, resistance against other side-channels is not taken into account yet.

Implementing sufficient countermeasures, however, is challenging. We therefore exemplarily examine CRYSTALS-Kyber, which is a lattice-based key encapsulation mechanism currently considered as a candidate for standardization. By analyzing the power consumption side-channel during message encoding we develop four more and compare six different implementations with an increasing degree of countermeasures. We show that introducing randomization countermeasures is crucial as all examined implementations aiming at reducing the leakage by minimizing the Hamming distance of the processed intermediate values only are vulnerable against single-trace attacks when implemented on an ARM Cortex-M4.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Proportion of correctly classified traces, i.e. \(r_s = \tiny {\frac{Correctly classified traces }{Number of traces }}\).

References

  1. Amiet, D., Curiger, A., Leuenberger, L., Zbinden, P.: Defeating NewHope with a single trace. In: Ding, J., Tillich, J.-P. (eds.) PQCrypto 2020. LNCS, vol. 12100, pp. 189–205. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-44223-1_11

    Chapter  Google Scholar 

  2. Avanzi, R., et al.: NIST Submission Package for round 3 (2020). https://pq-crystals.org/kyber/resources.shtml

  3. Avanzi, R., et al.: CRYSTALS - kyber: algorithm specifications and supporting documentation (version 3.01) (2021). https://pq-crystals.org/kyber/data/kyber-specification-round3-20210131.pdf

  4. Bache, F., Paglialonga, C., Oder, T., Schneider, T., Güneysu, T.: High-Speed Masking for Polynomial Comparison in Lattice-based KEMs. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(3), 483–507 (2020)

    Article  Google Scholar 

  5. Bhasin, S., D’Anvers, J.P., Heinz, D., Pöppelmann, T., Beirendonck, M.V.: Attacking and defending masked polynomial comparison for lattice-based cryptography. Cryptology ePrint Archive, Report 2021/104 (2021)

    Google Scholar 

  6. Bos, J.W., et al.: CRYSTALS - Kyber: a CCA-secure module-lattice-based KEM. In: 2018 IEEE European Symposium on Security and Privacy, Euro S&P 2018, pp. 353–367. IEEE (2018)

    Google Scholar 

  7. Bos, J.W., Gourjon, M., Renes, J., Schneider, T., van Vredendaal, C.: Masking Kyber: first- and higher-order implementations. Cryptology ePrint Archive, Report 2021/483 (2021)

    Google Scholar 

  8. Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (2006)

    Article  MathSciNet  Google Scholar 

  9. Ding, A.A., Zhang, L., Durvaux, F., Standaert, F.-X., Fei, Y.: Towards sound and optimal leakage detection procedure. In: Eisenbarth, T., Teglia, Y. (eds.) CARDIS 2017. LNCS, vol. 10728, pp. 105–122. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-75208-2_7

    Chapter  Google Scholar 

  10. Fritzmann, T., et al.: Masked accelerators and instruction set extensions for post-quantum cryptography. Cryptology ePrint Archive, Report 2021/479 (2021)

    Google Scholar 

  11. Fujisaki, E., Okamoto, T.: Secure Integration of Asymmetric and Symmetric Encryption Schemes. In: Wiener, M.J. (ed.) Advances in Cryptology - CRYPTO ’99. LNCS, vol. 1666, pp. 537–554. Springer (1999).

    Chapter  Google Scholar 

  12. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic Analysis: Concrete Results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2001. pp. 251–261. Springer (2001).

    Chapter  Google Scholar 

  13. Gierlichs, B., Lemke-Rust, K., Paar, C.: Templates vs. Stochastic Methods. In: Goubin, L., Matsui, M. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2006. pp. 15–29. Springer (2006).

    Chapter  Google Scholar 

  14. Google: A Preview of Bristlecone, Google’s New Quantum Processor (2018). https://ai.googleblog.com/2018/03/a-preview-of-bristlecone-googles-new.html

  15. IBM: IBM’s Roadmap For Scaling Quantum Technology (2020). https://www.ibm.com/blogs/research/2020/09/ibm-quantum-roadmap

  16. Kocher, Paul, Jaffe, Joshua, Jun, Benjamin: Differential Power Analysis. In: Wiener, Michael (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25

    Chapter  Google Scholar 

  17. Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) Advances in Cryptology - CRYPTO ’96. pp. 104–113. Springer (1996)

    Chapter  Google Scholar 

  18. Moody, D., et al.: Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process (2020)

    Google Scholar 

  19. Mosca, M.: Towards quantum-safe cryptography. In: Mosca, M., Lenhart, G., Pecen, M. (eds.) 1st Quantum-Safe-Crypto Workshop, pp. 39–49. ETSI (2013). https://docbox.etsi.org/Workshop/2013/201309_CRYPTO/e-proceedings_Crypto_2013.pdf

  20. Mosca, M.: Cybersecurity in an Era with Quantum Computers: Will We Be Ready? IEEE Secur. Priv. 16(5), 38–41 (2018)

    Article  Google Scholar 

  21. National Institute of Standards and Technology: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. Technical Report. Federal Information Processing Standards Publications (FIPS PUBS) 202, U.S. Department of Commerce, Washington, D.C. (2015)

    Google Scholar 

  22. National Institute of Standards and Technology: PQC Standardization Process: Third Round Candidate Announcement (2020). https://www.nist.gov/news-events/news/2020/07/pqc-standardization-process-third-round-candidate-announcement

  23. NIST: Post Quantum Cryptography - Workshops and Timeline (2021). https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline

  24. NXP: FRDM-K22F: NXP Freedom Developement Platform for Kinetis K22 MCUs (2021). https://www.nxp.com/design/development-boards/freedom-development-boards/mcu-boards/nxp-freedom-development-platform-for-kinetis-k22-mcus:FRDM-K22F

  25. Oder, T., Schneider, T., Pöppelmann, T., Güneysu, T.: Practical CCA2-secure and masked ring-LWE implementation. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(1), 142–174 (2018)

    Article  Google Scholar 

  26. Ravi, P., Roy, S.S., Chattopadhyay, A., Bhasin, S.: Generic Side-channel attacks on CCA-secure lattice-based PKE and KEMs. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(3), 307–335 (2020)

    Article  Google Scholar 

  27. Reparaz, O., de Clercq, R., Roy, S.S., Vercauteren, F., Verbauwhede, I.: Additively Homomorphic Ring-LWE Masking. In: Takagi, T. (ed.) Post-Quantum Cryptography - PQCrypto 2016. LNCS, vol. 9606, pp. 233–244. Springer (2016).

    Chapter  Google Scholar 

  28. Reparaz, O., Roy, S.S., Vercauteren, F., Verbauwhede, I.: A Masked Ring-LWE Implementation. In: Güneysu, T., Handschuh, H. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2015. LNCS, vol. 9293, pp. 683–702. Springer (2015).

    Chapter  Google Scholar 

  29. Rodriguez-Henriquez, F., Jaques, S., Lochter, M., Mosca, M.: How long can we safely use pre-quantum ECC? (2020). https://eccworkshop.org/2020

  30. Shor, P.W.: Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM J. Comput. 26(5), 1484–1509 (1997)

    Article  MathSciNet  Google Scholar 

  31. Sim, B., et al.: Single-trace attacks on message encoding in lattice-based KEMs. IEEE Access 8, 183175–183191 (2020)

    Article  Google Scholar 

  32. Xu, Z., Pemberton, O., Roy, S.S., Oswald, D.: Magnifying side-channel leakage of lattice-based cryptosystems with chosen ciphertexts: the case study of kyber. Cryptology ePrint Archive, Report 2020/912 (2020)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Division for Hardware Evaluation, TÜV Informationstechnik GmbH, TÜV NORD Group, Essen, Germany

    Hauke Malte Steffen, Lucie Johanna Kogelheide & Timo Bartkewitz

Authors
  1. Hauke Malte Steffen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lucie Johanna Kogelheide
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Timo Bartkewitz
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lucie Johanna Kogelheide .

Editor information

Editors and Affiliations

  1. Jean Monnet University, Saint-Etienne, France

    Vincent Grosso

  2. Infineon Technologies, Neubiberg, Germany

    Thomas Pöppelmann

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Steffen, H.M., Kogelheide, L.J., Bartkewitz, T. (2022). In-depth Analysis of Side-Channel Countermeasures for CRYSTALS-Kyber Message Encoding on ARM Cortex-M4. In: Grosso, V., Pöppelmann, T. (eds) Smart Card Research and Advanced Applications. CARDIS 2021. Lecture Notes in Computer Science(), vol 13173. Springer, Cham. https://doi.org/10.1007/978-3-030-97348-3_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-97348-3_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-97347-6

  • Online ISBN: 978-3-030-97348-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation