With continued improvements in the quantum computing area, the future security of current encryption schemes is uncertain. The National Institute of Standards and Technology (NIST) has standardized post-quantum lattice-based ciphers, such as CRYSTALS-Kyber (as ML-KEM), for this purpose. While a significant amount of research on potential weaknesses of such new encryption schemes has been performed, their implementations may still remain vulnerable to Side Channel Analysis (SCA). In this paper, we investigate the possibility of leveraging the power side channel on a hardware implementation of ML-KEM. The circuit under attack has been obtained by High-level Synthesis (HLS). This complicates the attack, as no details about the internal implementation are known to the attacker, though points of interest in the captured power traces can be identified using known methods. While several methods exist to perform SCA, we make use of Neural Networks (NNs) to extract information about intermediate decryption values from the implementation’s power consumption. With our attack method, we find that it is feasible to recover the secret decryption key from power consumption information, assuming the attacker is able to provide arbitrary ciphertexts for decryption.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Hamming Weight-Based Side Channel Analysis of HLS Kyber Hardware Using Neural Networks

  • Alexander Kharitonov,
  • Tarick Welling,
  • Maël Gay,
  • Ilia Polian

摘要

With continued improvements in the quantum computing area, the future security of current encryption schemes is uncertain. The National Institute of Standards and Technology (NIST) has standardized post-quantum lattice-based ciphers, such as CRYSTALS-Kyber (as ML-KEM), for this purpose. While a significant amount of research on potential weaknesses of such new encryption schemes has been performed, their implementations may still remain vulnerable to Side Channel Analysis (SCA). In this paper, we investigate the possibility of leveraging the power side channel on a hardware implementation of ML-KEM. The circuit under attack has been obtained by High-level Synthesis (HLS). This complicates the attack, as no details about the internal implementation are known to the attacker, though points of interest in the captured power traces can be identified using known methods. While several methods exist to perform SCA, we make use of Neural Networks (NNs) to extract information about intermediate decryption values from the implementation’s power consumption. With our attack method, we find that it is feasible to recover the secret decryption key from power consumption information, assuming the attacker is able to provide arbitrary ciphertexts for decryption.