FPGA bitstream fault injection attack and countermeasures on the sampling counter in CRYSTALS Kyber

Ziying Ni; Ayesha Khalid; Weiqiang Liu; Máire O'Neill

doi:10.1109/ISCAS58744.2024.10557946

FPGA bitstream fault injection attack and countermeasures on the sampling counter in CRYSTALS Kyber

Ziying Ni, Ayesha Khalid, Weiqiang Liu, Máire O'Neill

School of Electronics, Electrical Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

24 Downloads (Pure)

Abstract

The CRYSTALS Kyber algorithm is the public key encryption (PKE)/ key encapsulation mechanism (KEM) protocol undertaken for standardization by the US National Institute of Standards and Technology (NIST) the PQC competition and serves as the foundation for the Module-Lattice-Based (ML)-KEM scheme. The inherently strong security properties of the Kyber algorithm are considered to be resistant to attacks under quantum computers, but the security of its FPGA-based hardware implementation circuitry is still worth considering. In this work, we introduce the Nonce counter disabling attack, which targets the binomial distribution sampling process. We demonstrate that, in the modified primes of Kyber from Round 2, it is also effectively deduce the secret key s by equating it with the noise e. Our implementation of this attack on a Nexys 4 FPGA, with an additional DSP disabling filtering process to pinpoint the LUT. This attack is applicable to both the key generation and key encapsulation phases, and only need to modify 32-bit bitstream. Finally, We propose the Nonce counter check and the splitting of the $Nonce$ computation cycles methods to to prevent this attack in hardware design-level.

Original language	English
Title of host publication	IEEE International Symposium on Circuits and Systems (ISCAS 2024): proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
Number of pages	5
ISBN (Electronic)	9798350330991
ISBN (Print)	9798350331004
DOIs	https://doi.org/10.1109/ISCAS58744.2024.10557946
Publication status	Published - 02 Jul 2024
Event	IEEE International Symposium on Circuits and Systems 2024 - , Singapore Duration: 19 May 2024 → 22 May 2024 https://2024.ieee-iscas.org/

Publication series

Name	ISCAS Proceedings
ISSN (Print)	0271-4302
ISSN (Electronic)	2158-1525

Conference

Conference	IEEE International Symposium on Circuits and Systems 2024
Country/Territory	Singapore
Period	19/05/2024 → 22/05/2024
Internet address	https://2024.ieee-iscas.org/

Keywords

FPGA bitstream fault
injection attack and countermeasures
sampling counter
CRYSTALS Kyber

Access to Document

10.1109/ISCAS58744.2024.10557946Licence: Unspecified

FPGA bitstream fault injection attack and countermeasures on the sampling counter in CRYSTALS Kyber
Copyright 2024 IEEE This work is made available online in accordance with the publisher’s policies. Please refer to any applicable terms of use of the publisher.
Accepted author manuscript, 202 KBLicence: Unspecified

Efficient and secure hardware architectures for lattice based cryptography
Ni, Z. (Author), O'Neill, M. (Supervisor) & Khalid, A. (Supervisor), Dec 2024
Student thesis: Doctoral Thesis › Doctor of Philosophy

Cite this

@inproceedings{b7c6e73b0e0a4dd69734c557bd710673,

title = "FPGA bitstream fault injection attack and countermeasures on the sampling counter in CRYSTALS Kyber",

abstract = "The CRYSTALS Kyber algorithm is the public key encryption (PKE)/ key encapsulation mechanism (KEM) protocol undertaken for standardization by the US National Institute of Standards and Technology (NIST) the PQC competition and serves as the foundation for the Module-Lattice-Based (ML)-KEM scheme. The inherently strong security properties of the Kyber algorithm are considered to be resistant to attacks under quantum computers, but the security of its FPGA-based hardware implementation circuitry is still worth considering. In this work, we introduce the Nonce counter disabling attack, which targets the binomial distribution sampling process. We demonstrate that, in the modified primes of Kyber from Round 2, it is also effectively deduce the secret key s by equating it with the noise e. Our implementation of this attack on a Nexys 4 FPGA, with an additional DSP disabling filtering process to pinpoint the LUT. This attack is applicable to both the key generation and key encapsulation phases, and only need to modify 32-bit bitstream. Finally, We propose the Nonce counter check and the splitting of the $Nonce$ computation cycles methods to to prevent this attack in hardware design-level.",

keywords = "FPGA bitstream fault, injection attack and countermeasures, sampling counter, CRYSTALS Kyber",

author = "Ziying Ni and Ayesha Khalid and Weiqiang Liu and M{\'a}ire O'Neill",

year = "2024",

month = jul,

day = "2",

doi = "10.1109/ISCAS58744.2024.10557946",

language = "English",

isbn = "9798350331004",

series = "ISCAS Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "IEEE International Symposium on Circuits and Systems (ISCAS 2024): proceedings",

address = "United States",

note = "IEEE International Symposium on Circuits and Systems 2024 ; Conference date: 19-05-2024 Through 22-05-2024",

url = "https://2024.ieee-iscas.org/",

}

Ni, Z, Khalid, A, Liu, W & O'Neill, M 2024, FPGA bitstream fault injection attack and countermeasures on the sampling counter in CRYSTALS Kyber. in IEEE International Symposium on Circuits and Systems (ISCAS 2024): proceedings. ISCAS Proceedings, Institute of Electrical and Electronics Engineers Inc., IEEE International Symposium on Circuits and Systems 2024, Singapore, 19/05/2024. https://doi.org/10.1109/ISCAS58744.2024.10557946

FPGA bitstream fault injection attack and countermeasures on the sampling counter in CRYSTALS Kyber. / Ni, Ziying; Khalid, Ayesha; Liu, Weiqiang et al.
IEEE International Symposium on Circuits and Systems (ISCAS 2024): proceedings. Institute of Electrical and Electronics Engineers Inc., 2024. (ISCAS Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - FPGA bitstream fault injection attack and countermeasures on the sampling counter in CRYSTALS Kyber

AU - Ni, Ziying

AU - Khalid, Ayesha

AU - Liu, Weiqiang

AU - O'Neill, Máire

PY - 2024/7/2

Y1 - 2024/7/2

N2 - The CRYSTALS Kyber algorithm is the public key encryption (PKE)/ key encapsulation mechanism (KEM) protocol undertaken for standardization by the US National Institute of Standards and Technology (NIST) the PQC competition and serves as the foundation for the Module-Lattice-Based (ML)-KEM scheme. The inherently strong security properties of the Kyber algorithm are considered to be resistant to attacks under quantum computers, but the security of its FPGA-based hardware implementation circuitry is still worth considering. In this work, we introduce the Nonce counter disabling attack, which targets the binomial distribution sampling process. We demonstrate that, in the modified primes of Kyber from Round 2, it is also effectively deduce the secret key s by equating it with the noise e. Our implementation of this attack on a Nexys 4 FPGA, with an additional DSP disabling filtering process to pinpoint the LUT. This attack is applicable to both the key generation and key encapsulation phases, and only need to modify 32-bit bitstream. Finally, We propose the Nonce counter check and the splitting of the $Nonce$ computation cycles methods to to prevent this attack in hardware design-level.

AB - The CRYSTALS Kyber algorithm is the public key encryption (PKE)/ key encapsulation mechanism (KEM) protocol undertaken for standardization by the US National Institute of Standards and Technology (NIST) the PQC competition and serves as the foundation for the Module-Lattice-Based (ML)-KEM scheme. The inherently strong security properties of the Kyber algorithm are considered to be resistant to attacks under quantum computers, but the security of its FPGA-based hardware implementation circuitry is still worth considering. In this work, we introduce the Nonce counter disabling attack, which targets the binomial distribution sampling process. We demonstrate that, in the modified primes of Kyber from Round 2, it is also effectively deduce the secret key s by equating it with the noise e. Our implementation of this attack on a Nexys 4 FPGA, with an additional DSP disabling filtering process to pinpoint the LUT. This attack is applicable to both the key generation and key encapsulation phases, and only need to modify 32-bit bitstream. Finally, We propose the Nonce counter check and the splitting of the $Nonce$ computation cycles methods to to prevent this attack in hardware design-level.

KW - FPGA bitstream fault

KW - injection attack and countermeasures

KW - sampling counter

KW - CRYSTALS Kyber

U2 - 10.1109/ISCAS58744.2024.10557946

DO - 10.1109/ISCAS58744.2024.10557946

M3 - Conference contribution

SN - 9798350331004

T3 - ISCAS Proceedings

BT - IEEE International Symposium on Circuits and Systems (ISCAS 2024): proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - IEEE International Symposium on Circuits and Systems 2024

Y2 - 19 May 2024 through 22 May 2024

ER -

FPGA bitstream fault injection attack and countermeasures on the sampling counter in CRYSTALS Kyber

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Student theses

Efficient and secure hardware architectures for lattice based cryptography

Cite this