Abstract
A variety of post-quantum cryptographic schemes are currently undergoing standardization in the National Institute of Standards and Technology's post-quantum cryptography standardization process. It is well known from classical cryptography that actual implementations of cryptographic schemes can be attacked by exploiting side-channels, e.g. timing behavior, power consumption or electromagnetic emanation. Although several of the reference implementations currently in the third and final standardization round are – to some extent – implemented in a timing-constant fashion, resistance against other side-channels is not yet taken into account.
Implementing sufficient countermeasures, however, is challenging. We therefore examine CRYSTALS-Kyber as an example; it is a lattice-based key encapsulation mechanism currently considered as a candidate for standardization. By analyzing the power consumption side-channel during message encoding we develop four additional implementations and compare six implementations in total with an increasing degree of countermeasures. We show that introducing randomization countermeasures is crucial: all examined implementations that aim at reducing the leakage only by minimizing the Hamming distance of the processed intermediate values are vulnerable to single-trace attacks when implemented on an ARM Cortex-M4.
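The abstract contrasts implementations that only shape the Hamming weight/distance of the intermediate values with implementations that randomize them. The following C program is an added illustration, not code from the paper or from the pq-crystals project: its unprotected `poly_frommsg_ref` is modelled after the structure of the public Kyber reference message encoding (each message bit becomes the coefficient 0 or (q+1)/2 = 1665, an assumption about that structure), and `poly_frommsg_masked` is a textbook first-order additive masking of the same encoding. Under a Hamming-weight leakage model the unprotected coefficient leaks the message bit directly (weight 0 versus 4), while each masked share, summed over the whole mask space, leaks nothing at first order. The PRNG and the sample message are constructed for the demonstration and are not a secure randomness source.

```c
#include <stdint.h>
#include <stdio.h>

#define KYBER_Q 3329
#define KYBER_N 256
#define KYBER_MSGBYTES 32
#define HALF_Q ((KYBER_Q + 1) / 2)   /* 1665: the coefficient encoding a 1-bit */

/* Hamming weight of a 16-bit word: the leakage model used throughout. */
static int hw16(uint16_t v) {
    int c = 0;
    while (v) { c += v & 1; v >>= 1; }
    return c;
}

/* Unprotected encoding, modelled after the structure of the pq-crystals
 * reference poly_frommsg (an assumption, not code from the paper):
 * every message bit expands to the coefficient 0 or (q+1)/2. */
static void poly_frommsg_ref(int16_t r[KYBER_N], const uint8_t msg[KYBER_MSGBYTES]) {
    for (int i = 0; i < KYBER_MSGBYTES; i++) {
        for (int j = 0; j < 8; j++) {
            int16_t mask = -(int16_t)((msg[i] >> j) & 1); /* 0x0000 or 0xFFFF */
            r[8 * i + j] = mask & HALF_Q;
        }
    }
}

/* Hamming-weight leakage of the unprotected coefficient for one message bit:
 * 0 for a 0-bit, HW(1665) = 4 for a 1-bit, so one trace separates the two. */
static int hw_leak_ref(int bit) {
    int16_t mask = -(int16_t)(bit & 1);
    return hw16((uint16_t)(mask & HALF_Q));
}

/* Tiny xorshift PRNG standing in for the device RNG (constructed, not secure). */
static uint32_t prng_state = 0x2545F491u;
static uint16_t rand_mod_q(void) {
    uint32_t x = prng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    prng_state = x;
    return (uint16_t)(x % KYBER_Q);   /* slightly biased; irrelevant for the demo */
}

/* First-order additively masked encoding: each coefficient c is held as two
 * shares (s0, s1) with s0 + s1 = c mod q and s0 uniformly random. */
static void poly_frommsg_masked(int16_t s0[KYBER_N], int16_t s1[KYBER_N],
                                const uint8_t msg[KYBER_MSGBYTES]) {
    for (int i = 0; i < KYBER_MSGBYTES; i++) {
        for (int j = 0; j < 8; j++) {
            int16_t c = (int16_t)(-(int16_t)((msg[i] >> j) & 1) & HALF_Q);
            int16_t r = (int16_t)rand_mod_q();
            s0[8 * i + j] = r;
            s1[8 * i + j] = (int16_t)((c - r + KYBER_Q) % KYBER_Q);
        }
    }
}

/* Sum of HW(s1) over every possible mask value for a given message bit.
 * Since {c - r mod q : r in Z_q} is all of Z_q for either c, both sums are
 * identical: the share's weight carries no first-order information. */
static long total_share_hw(int bit) {
    int16_t c = bit ? HALF_Q : 0;
    long sum = 0;
    for (int r = 0; r < KYBER_Q; r++)
        sum += hw16((uint16_t)((c - r + KYBER_Q) % KYBER_Q));
    return sum;
}

/* Recombine the shares and compare with the unprotected encoding; 1 if equal. */
static int masked_matches_ref(const uint8_t msg[KYBER_MSGBYTES]) {
    int16_t ref[KYBER_N], s0[KYBER_N], s1[KYBER_N];
    poly_frommsg_ref(ref, msg);
    poly_frommsg_masked(s0, s1, msg);
    for (int k = 0; k < KYBER_N; k++)
        if ((s0[k] + s1[k]) % KYBER_Q != ref[k]) return 0;
    return 1;
}

/* Self-check on a constructed 256-bit sample message. */
static int selftest_masked(void) {
    uint8_t msg[KYBER_MSGBYTES];
    for (int i = 0; i < KYBER_MSGBYTES; i++) msg[i] = (uint8_t)(i * 37 + 11);
    return masked_matches_ref(msg);
}

int main(void) {
    printf("unprotected coefficient HW: bit0=%d bit1=%d\n", hw_leak_ref(0), hw_leak_ref(1));
    printf("share HW summed over all masks: bit0=%ld bit1=%ld\n",
           total_share_hw(0), total_share_hw(1));
    printf("masked encoding recombines to reference: %s\n", selftest_masked() ? "yes" : "no");
    return 0;
}
```

The exhaustive sum in `total_share_hw` is the first-order argument in its simplest form: the distribution of each share is identical for both bit values, so a leakage model that only sees one share at a time cannot distinguish them. This is only a first-order model, and the masked variant here is a generic construction, not one of the paper's six implementations; the abstract's result is that the non-randomized, Hamming-distance-shaped variants remain distinguishable from a single trace, which is the gap such a randomized representation is meant to close.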
Notes
1. Proportion of correctly classified traces, i.e. \(r_s = \frac{\text{correctly classified traces}}{\text{number of traces}}\).
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Steffen, H.M., Kogelheide, L.J., Bartkewitz, T. (2022). In-depth Analysis of Side-Channel Countermeasures for CRYSTALS-Kyber Message Encoding on ARM Cortex-M4. In: Grosso, V., Pöppelmann, T. (eds) Smart Card Research and Advanced Applications. CARDIS 2021. Lecture Notes in Computer Science(), vol 13173. Springer, Cham. https://doi.org/10.1007/978-3-030-97348-3_10
DOI: https://doi.org/10.1007/978-3-030-97348-3_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-97347-6
Online ISBN: 978-3-030-97348-3
eBook Packages: Computer Science (R0)