Bitstream fault injection attacks on CRYSTALS Kyber implementations on FPGAs

Ziying Ni, Ayesha Khalid, Weiqiang Liu, Maire O'Neill

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

CRYSTALS-Kyber is the only Public-key Encryption (PKE)/Key-encapsulation Mechanism (KEM) scheme that was chosen for standardization in the Post-quantum Cryptography competition initiated by the National Institute of Standards and Technology (the so-called NIST PQC). In this paper, we show the first successful malicious modifications of the bitstream of a Kyber FPGA implementation. We successfully demonstrate 4 different attacks on Kyber hardware implementations on Artix-7 FPGAs that either reduce the complexity of polynomial multiplication operations or enable direct secret key/message recovery by: disabling BRAMs, disabling DSPs, zeroing NTT ROM and tampering with CBD2 results. Two of our attacks are generic in nature and the other two require reverse-engineering or a detailed knowledge of the design. We evaluate the feasibility of the four attacks, among which the zeroing NTT ROM and tampering with the CBD2 result attacks produce higher public key and ciphertext complexity and thus are difficult to detect. Two countermeasures are proposed to prevent the attacks proposed in this paper.

Original language: English
Title of host publication: Design, Automation and Test in Europe Conference 2024: proceedings
Publisher: IEEE Xplore
ISBN (Electronic): 9783981926385
ISBN (Print): 9798350348606
Publication status: Early online date - 10 Jun 2024
Event: Design, Automation and Test in Europe Conference 2024 - Valencia, Spain
Duration: 25 Mar 2024 to 27 Mar 2024
https://www.date-conference.com/

Publication series

Name: Design, Automation and Test in Europe Conference: proceedings
ISSN (Print): 1530-1591
ISSN (Electronic): 1558-1101

Conference

Conference: Design, Automation and Test in Europe Conference 2024
Period: 25/03/2024 to 27/03/2024
Internet address
