{"title":"Revisiting the Masking Strategy: A Side-Channel Attack on CRYSTALS-Kyber","authors":"Jianfeng Du;Zhu Wang;Aimin Yu","doi":"10.1109/TIFS.2025.3550061","DOIUrl":null,"url":null,"abstract":"As the sole NIST-standardized quantum-resistant key encapsulation mechanism, CRYSTALS-Kyber demands rigorous scrutiny of its side-channel countermeasures. However, there is a lack of research on side-channel security for the message decoding module in masked CRYSTALS-Kyber. In this paper, we seek to address this gap. First, we conduct a side-channel security evaluation of the first-order masked message decoding function in mkm4 of CRYSTALS-Kyber, finding that an incremental storage vulnerability still exists. Then, we implement a practical experiment in the Cortex-M4 CPU using the sum-of-squared difference method, with the accuracy of the message recovery reaching 90.6% and the secret key recovery achieving 77.2%. Furthermore, we theoretically analyze that any order of masking strategy cannot effectively protect the message decoding function, except by increasing the attack difficulty to a limited extent. We also provide our idea for solving this problem by emulating the data behavior of the dual-rail pre-charge logic circuit at the software level, which can effectively ensure the implementation security of CRYSTALS-Kyber.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"3387-3399"},"PeriodicalIF":6.3000,"publicationDate":"2025-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Forensics and Security","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10922173/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
Citation count: 0
Abstract
As the sole NIST-standardized quantum-resistant key encapsulation mechanism, CRYSTALS-Kyber demands rigorous scrutiny of its side-channel countermeasures. However, the side-channel security of the message decoding module in masked CRYSTALS-Kyber has received little study. In this paper, we seek to address this gap. First, we conduct a side-channel security evaluation of the first-order masked message decoding function in the mkm4 implementation of CRYSTALS-Kyber, finding that an incremental storage vulnerability still exists. Then, we carry out a practical experiment on a Cortex-M4 CPU using the sum-of-squared-difference method, reaching 90.6% accuracy for message recovery and 77.2% for secret key recovery. Furthermore, we show theoretically that masking of any order cannot effectively protect the message decoding function, beyond raising the attack difficulty to a limited extent. We also propose a way to solve this problem by emulating, at the software level, the data behavior of a dual-rail pre-charge logic circuit, which can effectively ensure the implementation security of CRYSTALS-Kyber.
Journal description:
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance, and systems applications that incorporate these features.