Secret in OnePiece: Single-Bit Fault Attack on Kyber
摘要
The post-quantum key encapsulation mechanism, Kyber, has recently been selected by the National Institution of Standards and Technology for standardization, making the study of its implementation security a critical concern. As a widely used countermeasure against implementation attacks, masking has been proven effective in protecting Kyber implementations from side-channel attacks. However, the masking process complicates the original scheme and introduces additional operations, raising the question of whether these changes open up new attack vectors. In this paper, we propose a novel fault attack targeting the masked implementation of Kyber, focusing on the masked message decoder. Our generic single-bit fault attack is amplified by masked implementations of Kyber. Moreover, the randomness introduced by masking allows a stuck-at fault to behave as a bit-flip fault with a certain flip probability, thereby simplifying the complexity associated with fault injection. Based on a practical attacker model, we demonstrate that each faulted decapsulation reveals partial information about the secret key in the form of an inequality. By employing a solver based on statistical theory and two filtering techniques, the entire secret key can be efficiently recovered by solving the resulting system of inequalities. Only 36,000 (Kyber512), 54,000 (Kyber768), and 4,000,000 (Kyber1024) inequalities are required for key recovery. We validated the effectiveness of our attack through experiments on an STM32F4 target board, with introducing the required faults by clock glitches. The experimental results demonstrate that the required number of faulted decapsualtion can be reduced from more than 540, 000 to 380, 000 when dealing with Kyber512. These findings highlight the risks brought by masking when considering fault attacks.