An Improved Two-Step Attack on Lattice-Based Cryptography: A Case Study of Kyber

IF 2.9 3区计算机科学 Q2 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems Pub Date : 2025-03-11 DOI:10.1109/TCAD.2025.3550443

Kai Wang;Dejun Xu;Jing Tian

{"title":"An Improved Two-Step Attack on Lattice-Based Cryptography: A Case Study of Kyber","authors":"Kai Wang;Dejun Xu;Jing Tian","doi":"10.1109/TCAD.2025.3550443","DOIUrl":null,"url":null,"abstract":"After three rounds of post-quantum cryptography (PQC) strict evaluations conducted by NIST, CRYSTALS-Kyber was successfully selected in July 2022 and standardized in August 2024. It becomes urgent to further evaluate Kyber’s physical security for the upcoming deployment phase. In this brief, we present an improved two-step attack on Kyber to quickly recover the full secret key, s, by using much fewer power traces and less time. In the first step, we use the correlation power analysis (CPA) to obtain a portion of guess values of s with a small number of power traces. The CPA is enhanced by utilizing both Pearson and Kendall’s rank correlation coefficients and modifying the leakage model to improve the accuracy. In the second step, we adopt the lattice attack to recover s based on the results of CPA. The success rate is largely built up by constructing a trial-and-error method. We deploy the reference implementations of Kyber-512, -768, and -1024 on an ARM Cortex-M4 target board and successfully recover s in approximately <inline-formula> <tex-math>$9\\sim 10$ </tex-math></inline-formula> min with at most 15 power traces, using a Xeon Gold 6342-equipped machine for the attack.","PeriodicalId":13251,"journal":{"name":"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems","volume":"44 9","pages":"3643-3647"},"PeriodicalIF":2.9000,"publicationDate":"2025-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10922732/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

After three rounds of post-quantum cryptography (PQC) strict evaluations conducted by NIST, CRYSTALS-Kyber was successfully selected in July 2022 and standardized in August 2024. It becomes urgent to further evaluate Kyber’s physical security for the upcoming deployment phase. In this brief, we present an improved two-step attack on Kyber to quickly recover the full secret key, s, by using much fewer power traces and less time. In the first step, we use the correlation power analysis (CPA) to obtain a portion of guess values of s with a small number of power traces. The CPA is enhanced by utilizing both Pearson and Kendall’s rank correlation coefficients and modifying the leakage model to improve the accuracy. In the second step, we adopt the lattice attack to recover s based on the results of CPA. The success rate is largely built up by constructing a trial-and-error method. We deploy the reference implementations of Kyber-512, -768, and -1024 on an ARM Cortex-M4 target board and successfully recover s in approximately

$9\sim 10$

min with at most 15 power traces, using a Xeon Gold 6342-equipped machine for the attack.

查看原文本刊更多论文

一种改进的基于格密码的两步攻击：以Kyber为例

经过NIST进行的三轮后量子密码学（PQC）严格评估，CRYSTALS-Kyber于2022年7月成功入选，并于2024年8月标准化。在即将到来的部署阶段，进一步评估Kyber的物理安全性变得迫在眉睫。在本文中，我们提出了一种改进的针对Kyber的两步攻击，通过使用更少的电源跟踪和更短的时间，快速恢复完整的密钥s。在第一步中，我们使用相关功率分析（CPA）来获得具有少量功率走线的s的一部分猜测值。利用Pearson和Kendall的等级相关系数和修改泄漏模型来提高CPA的准确性。第二步，我们在CPA的基础上采用点阵攻击来恢复s。成功率很大程度上是通过构建一种试错法建立起来的。我们在ARM Cortex-M4目标板上部署了Kyber-512， -768和-1024的参考实现，并使用配备至强黄金6442的机器进行攻击，在最多15个电源走线的情况下，成功地在大约9美元/ 10美元的时间内恢复了s。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 工程技术-工程：电子与电气

CiteScore

5.60

自引率

13.80%

发文量

500

审稿时长

7 months

期刊介绍： The purpose of this Transactions is to publish papers of interest to individuals in the area of computer-aided design of integrated circuits and systems composed of analog, digital, mixed-signal, optical, or microwave components. The aids include methods, models, algorithms, and man-machine interfaces for system-level, physical and logical design including: planning, synthesis, partitioning, modeling, simulation, layout, verification, testing, hardware-software co-design and documentation of integrated circuit and system designs of all complexities. Design tools and techniques for evaluating and designing integrated circuits and systems for metrics such as performance, power, reliability, testability, and security are a focus.