Countermeasures against side-channel attacks in FrodoKEM: an implementation study
摘要
FrodoKEM is a lattice-based Public-Key Encryption (PKE)/Key Encapsulation Mechanism (KEM) scheme selected as a third-round candidate in the National Institute of Standards and Technology (NIST) post-quantum cryptography standardization process. It has also been recommended by the German Federal Office for Information Security and the Dutch National Communications Security Agency as a long-term confidential encryption algorithm and has been included in the ISO/IEC JTC 1/SC 27/WG 2 draft international standard for post-quantum cryptography. To address the threats of Side-Channel Attacks (SCA, including timing attacks, power analysis attacks, and fault attacks) against FrodoKEM, this paper proposes a security-enhanced implementation scheme. Specifically, during the sampling phase and ciphertext comparison, isochronous operations are adopted to eliminate timing sensitivity and mitigate the risk of timing attacks. In public key computation, masking techniques are incorporated to obscure critical data and operations, thereby resisting power analysis attacks. Additionally, a sampling calibration mechanism is implemented to detect and mitigate fault attacks. Under the same parameter sets, a performance comparison between the SCA-resistant scheme and the original FrodoKEM demonstrates that the increase in computational overhead is less than 0.8%, and the increase in memory overhead is less than 1.99%. The scheme’s strengthened resilience against SCA is further validated through Test Vector Leakage Assessment (TVLA), achieving a balance between enhanced security and minimal performance degradation.