FPGA bitstream fault injection attack and countermeasures on the sampling counter in CRYSTALS Kyber

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The CRYSTALS Kyber algorithm is the public key encryption (PKE)/key encapsulation mechanism (KEM) protocol taken up for standardization by the US National Institute of Standards and Technology (NIST) in the PQC competition, and it serves as the foundation for the Module-Lattice-Based (ML)-KEM scheme. The inherently strong security properties of the Kyber algorithm are considered resistant to attacks by quantum computers, but the security of its FPGA-based hardware implementation circuitry is still worth considering. In this work, we introduce the Nonce counter disabling attack, which targets the binomial distribution sampling process. We demonstrate that, with the modified primes of Kyber from Round 2, it is also possible to effectively deduce the secret key s by equating it with the noise e. We implement this attack on a Nexys 4 FPGA, with an additional DSP-disabling filtering process to pinpoint the LUT. The attack is applicable to both the key generation and key encapsulation phases, and only needs to modify 32 bits of the bitstream. Finally, we propose the Nonce counter check and the splitting of the Nonce computation cycles as methods to prevent this attack at the hardware design level.

Original language: English
Title of host publication: Proceedings of the IEEE International Symposium on Circuits and Systems, ISCAS 2024
Publisher: Institute of Electrical and Electronics Engineers Inc.
Number of pages: 5
Publication status: Accepted - 15 Jan 2024
Event: IEEE International Symposium on Circuits and Systems 2024 - Singapore
Duration: 19 May 2024 to 22 May 2024
https://2024.ieee-iscas.org/

Publication series

Name: ISCAS Proceedings
ISSN (Electronic): 2379-447X

Conference

Conference: IEEE International Symposium on Circuits and Systems 2024
Country/Territory: Singapore
Period: 19/05/2024 to 22/05/2024