KTH Publications (DiVA)
Publications (6 of 6)
Ji, Y. & Dubrova, E. (2025). A side-channel attack on a masked hardware implementation of CRYSTALS-Kyber. JOURNAL OF CRYPTOGRAPHIC ENGINEERING, 15(1), Article ID 7.
2025 (English) In: JOURNAL OF CRYPTOGRAPHIC ENGINEERING, ISSN 2190-8508, Vol. 15, no. 1, article id 7. Article in journal (Refereed), Published
Abstract [en]

NIST has recently selected CRYSTALS-Kyber as a new public key encryption and key establishment algorithm to be standardized. This makes it important to evaluate the resistance of CRYSTALS-Kyber implementations to side-channel attacks. Software implementations of CRYSTALS-Kyber have already been thoroughly analysed. The discovered vulnerabilities have helped improve subsequently released versions and promoted stronger countermeasures against side-channel attacks. In this paper, we present the first attack on a protected hardware implementation of CRYSTALS-Kyber. We demonstrate a practical message (shared key) recovery attack on the first-order masked FPGA implementation of Kyber-512 by Kamucheka et al. (2022) using power analysis based on the Hamming distance leakage model. The presented attack exploits a vulnerability located in the masked message decoding function executed during the decryption step of decapsulation. The message recovery is performed using a profiled deep learning-assisted method which extracts the message directly, without explicitly retrieving each share. By repeating the same decapsulation multiple times, it is possible to increase the success rate of full shared key recovery to 99%. We also analyse the feasibility of recovering shared keys during encapsulation and propose a countermeasure against the presented attack that is also applicable to FPGA implementations of other cryptographic algorithms.

Place, publisher, year, edition, pages
Springer Nature, 2025
Keywords
Public key cryptography, Post-quantum cryptography, CRYSTALS-Kyber, LWE/LWR-based KEM, Side-channel attack, Deep learning
National Category
Computer Engineering
Identifiers
URN: urn:nbn:se:kth:diva-362930
DOI: 10.1007/s13389-025-00375-7
ISI: 001458493000002
Scopus ID: 2-s2.0-105001686111
Note

QC 20250430

Available from: 2025-04-30. Created: 2025-04-30. Last updated: 2025-04-30. Bibliographically approved.
Ji, Y., Dubrova, E. & Wang, R. (2025). Is Your Chip Leaking Secrets via RF Signals? In: Proceedings - 2025 IEEE 55th International Symposium on Multiple-Valued Logic, ISMVL 2025. Paper presented at 55th IEEE International Symposium on Multiple-Valued Logic, ISMVL 2025, Montreal, Canada, Jun 5 2025 - Jun 6 2025 (pp. 141-146). Institute of Electrical and Electronics Engineers (IEEE)
2025 (English) In: Proceedings - 2025 IEEE 55th International Symposium on Multiple-Valued Logic, ISMVL 2025, Institute of Electrical and Electronics Engineers (IEEE), 2025, p. 141-146. Conference paper, Published paper (Refereed)
Abstract [en]

In this paper, we present a side-channel attack on the hardware AES accelerator of a Bluetooth chip used in millions of devices worldwide, ranging from wearables and smart home products to industrial IoT. The attack leverages information about AES computations unintentionally transmitted by the chip together with RF signals to recover the encryption key. Unlike traditional side-channel attacks that rely on power or near-field electromagnetic emissions as sources of information, RF-based attacks leave no evidence of tampering, as they do not require package removal, chip decapsulation, or additional soldered components. However, side-channel emissions extracted from RF signals are considerably weaker and noisier, necessitating more traces for key recovery. The presented profiled machine learning-assisted attack can recover the full encryption key from 45,000 traces captured at a one-meter distance from the target device, with each trace being an average of 10,000 samples per encryption. This is a fourfold improvement over the correlation analysis-based attack on the same AES accelerator.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2025
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:kth:diva-368821
DOI: 10.1109/ISMVL64713.2025.00035
ISI: 001540510800027
Scopus ID: 2-s2.0-105009322477
Conference
55th IEEE International Symposium on Multiple-Valued Logic, ISMVL 2025, Montreal, Canada, Jun 5 2025 - Jun 6 2025
Note

Part of ISBN 9798331507442

QC 20250902

Available from: 2025-09-02. Created: 2025-09-02. Last updated: 2025-12-08. Bibliographically approved.
Ji, Y., Dubrova, E. & Wang, R. (2025). Screaming Channels Revisited: Encryption Key Recovery from AES-CCM Accelerator. In: 2025 IEEE INTERNATIONAL SYMPOSIUM ON CIRCUITS AND SYSTEMS, ISCAS. Paper presented at 2025 International Symposium on Circuits and Systems-ISCAS-Annual, MAY 25-28, 2025, ENGLAND. Institute of Electrical and Electronics Engineers (IEEE)
2025 (English) In: 2025 IEEE INTERNATIONAL SYMPOSIUM ON CIRCUITS AND SYSTEMS, ISCAS, Institute of Electrical and Electronics Engineers (IEEE), 2025. Conference paper, Published paper (Refereed)
Abstract [en]

In this paper, we demonstrate the first successful extraction of the encryption key from the hardware AES accelerator in the nRF52832 Bluetooth Low Energy system-on-chip operating in Counter with CBC-MAC (CCM) mode using side-channel information recovered from RF signals. This attack marks a significant milestone, as previous attempts to break this accelerator were unsuccessful. Our results provide a critical insight into the proprietary hardware AES-CCM accelerator in the nRF52832, paving the way for future enhancements to its resistance to side-channel attacks. All the related data are made available to the research community to promote further analysis.
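The two RF side-channel abstracts above (the ISMVL 2025 paper and this ISCAS paper) rest on the same building block: a leakage model of the AES S-box output, a set of traces with known inputs, and a correlation analysis (CPA, listed in this record's keywords) or a profiled classifier to rank key-byte hypotheses, with per-encryption averaging used to lift the weak RF signal out of the noise. The Python below is an added illustration written for this page, not code from either paper or its authors. It builds the AES S-box from its definition, constructs synthetic single-sample traces (Hamming weight of the first-round S-box output plus Gaussian noise, a stand-in for the RF captures and not the nRF52832's actual leakage), and recovers one key byte by CPA. The `repeats` parameter averages several noisy captures of the same encryption, which is the same reason the ISMVL paper averages 10,000 samples per encryption. Treating the AES input as known and random is a simplification: under CCM the attacker sees the nonce/counter block rather than choosing a plaintext. Key byte, noise levels and trace counts are arbitrary demo values.

```python
import math
import random


def _gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _make_sbox():
    """Build the AES S-box from its definition: GF(2^8) inverse, then the affine map."""
    sbox = []
    for x in range(256):
        inv = 0
        if x:
            inv, base, e = 1, x, 254  # x^254 == x^-1 in GF(2^8)
            while e:
                if e & 1:
                    inv = _gmul(inv, base)
                base = _gmul(base, base)
                e >>= 1
        y = inv
        for shift in (1, 2, 3, 4):  # y = inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4)
            y ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(y ^ 0x63)
    return sbox


SBOX = _make_sbox()
HW = [bin(v).count("1") for v in range(256)]  # Hamming weight table


def simulate_traces(key_byte, n, sigma, repeats=1, seed=0):
    """Constructed leakage (assumption, not the chip's real emission): one sample
    per encryption, HW of the first-round S-box output plus Gaussian noise of
    std `sigma`. Each encryption is captured `repeats` times and averaged."""
    rng = random.Random(seed)
    inputs, traces = [], []
    for _ in range(n):
        p = rng.randrange(256)            # known AES input byte
        leak = HW[SBOX[p ^ key_byte]]
        samples = [leak + rng.gauss(0.0, sigma) for _ in range(repeats)]
        inputs.append(p)
        traces.append(sum(samples) / repeats)
    return inputs, traces


def _pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


def cpa_key_byte(inputs, traces):
    """Correlation power analysis: for each of the 256 key-byte hypotheses,
    predict HW(SBOX[input ^ k]) per trace and correlate the prediction with the
    measured traces; the hypothesis with the largest |r| is the key guess."""
    best_k, best_r = None, -1.0
    for k in range(256):
        hyp = [HW[SBOX[p ^ k]] for p in inputs]
        r = abs(_pearson(hyp, traces))
        if r > best_r:
            best_k, best_r = k, r
    return best_k, best_r


if __name__ == "__main__":
    for sigma, n, rep in ((2.0, 500, 1), (8.0, 3000, 1), (40.0, 3000, 25)):
        k, r = cpa_key_byte(*simulate_traces(0x2B, n, sigma, repeats=rep, seed=1))
        print(f"sigma={sigma:5.1f} traces={n:5d} repeats={rep:3d} -> key=0x{k:02x} |r|={r:.3f}")
```

Raising `sigma` while holding the trace count fixed eventually makes CPA fail, and the cure is either more traces or more repeats per encryption: averaging `repeats` captures divides the noise std by the square root of `repeats`, so the sigma=40 run with 25 repeats behaves like the sigma=8 run without them.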

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2025
Series
IEEE International Symposium on Circuits and Systems, ISSN 0271-4302
Keywords
Symmetric-key cryptography, AES, CCM, side-channel attack, CPA, hardware accelerator, screaming channels
National Category
Communication Systems
Identifiers
URN: urn:nbn:se:kth:diva-378639
DOI: 10.1109/ISCAS56072.2025.11044226
ISI: 001537918205087
Scopus ID: 2-s2.0-105010604453
Conference
2025 International Symposium on Circuits and Systems-ISCAS-Annual, MAY 25-28, 2025, ENGLAND
Note

Part of ISBN 979-8-3503-5684-7; 979-8-3503-5683-0

QC 20260327

Available from: 2026-03-27. Created: 2026-03-27. Last updated: 2026-03-27. Bibliographically approved.
Moraitis, M., Ji, Y., Brisfors, M., Dubrova, E., Lindskog, N. & Englund, H. (2024). Securing CRYSTALS-Kyber in FPGA Using Duplication and Clock Randomization. IEEE design & test, 41(5), 7-16
2024 (English) In: IEEE design & test, ISSN 2168-2356, E-ISSN 2168-2364, Vol. 41, no. 5, p. 7-16. Article in journal (Refereed), Published
Abstract [en]

CRYSTALS-Kyber has been selected by the NIST as a post-quantum public-key encryption and key establishment algorithm to be standardized. This makes it important to develop side-channel attack resistant implementations of CRYSTALS-Kyber. In this paper, we propose utilizing duplication combined with clock randomization as a means of protecting CRYSTALS-Kyber FPGA implementations from side-channel attacks. Such a countermeasure has been proven effective in ensuring side-channel resistance of AES FPGA implementations. It has the benefits of universal coverage, glitch immunity, and zero clock cycle overhead. We present a protected version of CRYSTALS-Kyber built on top of the lightweight unprotected implementation by Xing et al. Our security evaluation shows that the protected implementation is resistant to deep learning-based side-channel attacks.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2024
Keywords
CRYSTALS-Kyber, side-channel attack, countermeasure, clock randomization, duplication, deep learning
National Category
Engineering and Technology
Research subject
Electrical Engineering
Identifiers
URN: urn:nbn:se:kth:diva-344612
DOI: 10.1109/mdat.2023.3298805
ISI: 001302503000004
Scopus ID: 2-s2.0-85165869219
Funder
Swedish Civil Contingencies Agency, 2020-11632
Vinnova, 2021-02426
Swedish Research Council, 2018-04482
Note

QC 20240321

Available from: 2024-03-21. Created: 2024-03-21. Last updated: 2024-09-10. Bibliographically approved.
Ji, Y., Wang, R., Ngo, K. & Dubrova, E. (2023). A Side-Channel Attack on a Hardware Implementation of CRYSTALS-Kyber. In: Proceedings of the 2023 IEEE European Test Symposium (ETS'23). Paper presented at 28th IEEE European Test Symposium, ETS 2023, Venice, Italy, 22 May - 26 May 2023. Institute of Electrical and Electronics Engineers Inc.
2023 (English) In: Proceedings of the 2023 IEEE European Test Symposium (ETS'23), Institute of Electrical and Electronics Engineers Inc., 2023. Conference paper, Published paper (Refereed)
Abstract [en]

CRYSTALS-Kyber has been recently selected by the NIST as a new public-key encryption and key-establishment algorithm to be standardized. This makes it important to assess how well CRYSTALS-Kyber implementations withstand side-channel attacks. Software implementations of CRYSTALS-Kyber have already been analyzed and the discovered vulnerabilities were patched in the subsequently released versions. In this paper, we present a profiling side-channel attack on a hardware implementation of CRYSTALS-Kyber. Since hardware implementations carry out computations in parallel, they are typically more difficult to break than their software counterparts. We demonstrate a successful message (session key) recovery attack on a Xilinx Artix-7 FPGA implementation of CRYSTALS-Kyber by deep learning-based power analysis. Our results indicate that currently available hardware implementations of CRYSTALS-Kyber need better protection against side-channel attacks.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
CRYSTALS-Kyber, deep learning, FPGA, LWE-based KEM, Post-quantum cryptography, power analysis, side-channel attack
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:kth:diva-324662
DOI: 10.1109/ETS56758.2023.10174000
ISI: 001032757100017
Scopus ID: 2-s2.0-85166264680
Conference
28th IEEE European Test Symposium, ETS 2023, Venice, Italy, 22 May - 26 May 2023
Note

QC 20230824

Available from: 2023-03-09. Created: 2023-03-09. Last updated: 2023-09-21. Bibliographically approved.
Ji, Y. & Dubrova, E. (2023). A Side-Channel Attack on a Masked Hardware Implementation of CRYSTALS-Kyber. In: ASHES 2023 - Proceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security. Paper presented at 7th Workshop on Attacks and Solutions in Hardware Security, ASHES 2023, Copenhagen, Denmark, Nov 30 2023 (pp. 27-37). Association for Computing Machinery (ACM)
2023 (English) In: ASHES 2023 - Proceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security, Association for Computing Machinery (ACM), 2023, p. 27-37. Conference paper, Published paper (Refereed)
Abstract [en]

NIST has recently selected CRYSTALS-Kyber as a new public key encryption and key establishment algorithm to be standardized. This makes it important to evaluate the resistance of CRYSTALS-Kyber implementations to side-channel attacks. Software implementations of CRYSTALS-Kyber have already been thoroughly analysed. The discovered vulnerabilities helped improve the subsequently released versions and promoted stronger countermeasures against side-channel attacks. In this paper, we present the first attack on a protected hardware implementation of CRYSTALS-Kyber. We demonstrate a practical message (shared key) recovery attack on the first-order masked FPGA implementation of Kyber-512 by Kamucheka et al. (2022) using power analysis based on the Hamming distance leakage model. The presented attack exploits a vulnerability located in the masked message decoding procedure which is called during the decryption step of the decapsulation. The message recovery is performed using a profiled deep learning-based method which extracts the message directly, without extracting each share explicitly. By repeating the same decapsulation process multiple times, it is possible to increase the success rate of full shared key recovery to 99%.
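The final step of this abstract, and of the extended journal version listed first on this page (Journal of Cryptographic Engineering, 2025), is that repeating the same decapsulation raises the full-message success rate to 99% even though a single trace does not recover every bit. The Python below is an added simulation written for this page, not code from the papers or their authors, showing why that works. It replaces the papers' trained neural network with a per-bit Gaussian template (a profiled classifier estimated from labelled traces), uses a constructed one-sample leakage model (the sample's mean differs by one unit between message bit 0 and bit 1, plus Gaussian noise; the FPGA's real leakage is not reproduced), and merges the repeats by summing per-bit log-likelihoods, which is the usual way to combine profiled predictions and is an assumption here rather than the papers' exact rule. The 256-bit message length is that of Kyber-512; sigma, trial counts and seeds are demo choices.

```python
import math
import random

MSG_BITS = 256  # Kyber-512 decrypts a 256-bit message (the seed of the shared key)


def leak(bit, rng, sigma):
    """Constructed leakage (assumption, not the FPGA's real leakage): one sample
    whose mean differs by one unit between message bit 0 and 1, plus noise."""
    return bit + rng.gauss(0.0, sigma)


def build_templates(rng, sigma, n_profile=2000):
    """Profiling phase. Stand-in for the papers' neural network: a Gaussian
    (mean, std) template per bit value, estimated from labelled traces."""
    samples = {0: [], 1: []}
    for _ in range(n_profile):
        b = rng.getrandbits(1)
        samples[b].append(leak(b, rng, sigma))
    templates = {}
    for b, xs in samples.items():
        mu = sum(xs) / len(xs)
        var = sum((x - mu) ** 2 for x in xs) / (len(xs) - 1)
        templates[b] = (mu, math.sqrt(var))
    return templates


def log_lik(x, mu, sd):
    """Gaussian log-likelihood of sample x under (mu, sd), up to a constant."""
    return -0.5 * ((x - mu) / sd) ** 2 - math.log(sd)


def recover_message(true_msg, templates, rng, sigma, repeats):
    """Attack phase. The same decapsulation (same ciphertext, hence the same
    message) is run `repeats` times; per-bit log-likelihoods are summed over
    the repeats before each bit is decided."""
    recovered = []
    for m in true_msg:
        score = [0.0, 0.0]
        for _ in range(repeats):
            x = leak(m, rng, sigma)
            for b in (0, 1):
                score[b] += log_lik(x, *templates[b])
        recovered.append(0 if score[0] >= score[1] else 1)
    return recovered


def full_recovery_rate(repeats, sigma=0.39, trials=100, seed=1):
    """Fraction of trials in which all MSG_BITS bits are recovered correctly.
    sigma=0.39 gives roughly 90% per-bit accuracy from a single trace."""
    rng = random.Random(seed)
    templates = build_templates(rng, sigma)
    ok = 0
    for _ in range(trials):
        msg = [rng.getrandbits(1) for _ in range(MSG_BITS)]
        if recover_message(msg, templates, rng, sigma, repeats) == msg:
            ok += 1
    return ok / trials


def predicted_rate(repeats, sigma=0.39):
    """Closed form for the same model: averaging K repeats divides the noise
    std by sqrt(K), so the per-bit error is Q(sqrt(K) / (2 sigma)), and all
    MSG_BITS bits must be right for full recovery."""
    z = math.sqrt(repeats) / (2.0 * sigma)
    p_err = 0.5 * math.erfc(z / math.sqrt(2.0))
    return (1.0 - p_err) ** MSG_BITS


if __name__ == "__main__":
    for k in (1, 4, 9, 16):
        print(f"repeats={k:2d}  simulated={full_recovery_rate(k):.2f}  "
              f"predicted={predicted_rate(k):.4f}")
```

With about 90% per-bit accuracy a single trace almost never yields all 256 bits (0.9^256 is of the order of 1e-12), while a handful of repeats of the same decapsulation pushes the full-message rate above 99%; this is why the attack needs repeated decapsulations of one ciphertext rather than more distinct ciphertexts, and why a countermeasure that limits or randomizes repeated decapsulations of identical input matters.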

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2023
Keywords
crystals-kyber, deep learning, lwe/lwr-based kem, post-quantum cryptography, public key cryptography, side-channel attack
National Category
Computer Engineering
Identifiers
URN: urn:nbn:se:kth:diva-341613
DOI: 10.1145/3605769.3623992
ISI: 001123130000005
Scopus ID: 2-s2.0-85179548865
Conference
7th Workshop on Attacks and Solutions in Hardware Security, ASHES 2023, Copenhagen, Denmark, Nov 30 2023
Note

Part of proceedings ISBN 9798400702624

QC 20231228

Available from: 2023-12-28. Created: 2023-12-28. Last updated: 2024-01-22. Bibliographically approved.
Identifiers
ORCID iD: orcid.org/0000-0002-4973-7412