A Hardware-Friendly Shuffling Countermeasure Against Side-Channel Attacks for Kyber
Reviewed by Pithpith:FRKO2LVYopen to challenge →
read the original abstract
CRYSTALS-Kyber has been standardized as the only key-encapsulation mechanism (KEM) scheme by NIST to withstand attacks by large-scale quantum computers. However, the side-channel attacks (SCAs) on its implementation are still needed to be well considered for the upcoming migration. In this brief, we propose a secure and efficient hardware implementation for Kyber by incorporating a novel compact shuffling architecture. First of all, we modify the Fisher-Yates shuffle to make it more hardware-friendly. We then design an optimized shuffling architecture for the well-known open-source Kyber hardware implementation to enhance the security of all known and potential side-channel leakage points. Finally, we implement the modified Kyber design on FPGA and evaluate its security and performance. The security is verified by conducting correlation power analysis (CPA) and test vector leakage assessment (TVLA) on the hardware. Meanwhile, FPGA place-and-route results show that the proposed design reports only 8.7% degradation on the hardware efficiency compared with the original unprotected version, much better than existing hardware hiding schemes.
This paper has not been read by Pith yet.
Forward citations
Cited by 1 Pith paper
-
Exploring Side-Channel Protections in Hardware Implementations of PQC ML-KEM Verification
Experimental evaluation finds that higher-order masked ML-KEM FO verification still leaks first-order information on FPGAs due to parallelized hardware processing, allowing secret-key recovery.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.