Breaking a Fifth-Order Masked Implementation of CRYSTALS-Kyber by Copy-Paste
KTH, School of Electrical Engineering and Computer Science (EECS), Electrical Engineering, Electronics and Embedded systems, Electronic and embedded systems. ORCID iD: 0000-0001-7382-9408
KTH, School of Electrical Engineering and Computer Science (EECS), Electrical Engineering, Electronics and Embedded systems, Electronic and embedded systems. ORCID iD: 0000-0002-9842-2038
KTH, School of Engineering Sciences (SCI), Mathematics (Dept.).
KTH, School of Electrical Engineering and Computer Science (EECS), Electrical Engineering, Electronics and Embedded systems.
2023 (English). In: PROCEEDINGS OF THE 10TH ACM ASIA PUBLIC-KEY CRYPTOGRAPHY WORKSHOP, APKC 2023, Association for Computing Machinery (ACM), 2023, p. 10-20. Conference paper, Published paper (Refereed)
Abstract [en]

CRYSTALS-Kyber has been selected by NIST as a public-key encryption and key encapsulation mechanism to be standardized. It is also included in the NSA's suite of cryptographic algorithms recommended for national security systems. This makes it important to evaluate the resistance of CRYSTALS-Kyber's implementations to side-channel attacks. The unprotected and first-order masked software implementations have already been analysed. In this paper, we present deep learning-based message recovery attacks on the ω-order masked implementations of CRYSTALS-Kyber on an ARM Cortex-M4 CPU for ω ≤ 5. The main contribution is a new neural network training method called recursive learning. In the attack on an ω-order masked implementation, we start training from an artificially constructed neural network M_ω whose weights are partly copied from a model M_{ω-1} trained on the (ω - 1)-order masked implementation, and then extended to one more share. This method allows us to train neural networks that can recover a message bit with probability above 99% from high-order masked implementations.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2023. p. 10-20
Keywords [en]
Post-quantum cryptography, CRYSTALS-Kyber, side-channel attack, power analysis, deep learning
National Category
Embedded Systems
Identifiers
URN: urn:nbn:se:kth:diva-334684; DOI: 10.1145/3591866.3593072; ISI: 001032553600002; Scopus ID: 2-s2.0-85168319470; OAI: oai:DiVA.org:kth-334684; DiVA, id: diva2:1791049
Conference
10th ACM Asia Public-Key Cryptography Workshop (APKC), JUL 10, 2023, Melbourne, AUSTRALIA
Note

QC 20231123

Available from: 2023-08-24. Created: 2023-08-24. Last updated: 2023-11-23. Bibliographically approved.


Authority records

Dubrova, Elena; Ngo, Kalle; Gärtner, Joel; Wang, Ruize
