Research area: Cryptography
Conference: International Conference on Cryptology in Africa
Unprotected implementations of Kyber and Dilithium have recently been shown to expose a variety of side-channel attack paths. These attacks have in turn triggered the investigation of secure and efficient masked implementations. In this paper, we observe that the design and evaluation of such masked implementations come with new challenges, due to the manipulation of small and non-uniform secrets that is common in post-quantum encryption algorithms, which may hinder their proper understanding. On the one hand, we show that using the Signal-to-Noise Ratio (SNR) per share to select Points-of-Interest (POIs) in leakage traces, as is common in symmetric cryptography, can lead to confusing outcomes in which leakage samples corresponding to the manipulation of a share other than the targeted one are detected. On the other hand, we show that the arithmetic encoding of small and non-uniform secrets leads to representation dependencies, so that summing or subtracting shares leads to different amounts of information leakage. We apply these observations to Kyber and show that they essentially vanish as the number of shares increases. Incidentally, we also discuss attack strategies for recovering small and non-uniform secrets efficiently with side-channel attacks. We hope these observations will help implementers and evaluators to better interpret their security claims.
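Both observations in the abstract can be reproduced on a simple leakage model. The following is an added illustration, not code from the paper or from any Kyber implementation: it assumes a two-share arithmetic masking modulo q = 3329 of a coefficient drawn from Kyber-768's centred binomial distribution (eta = 2), with each share leaking its Hamming weight (plus Gaussian noise for the SNR part). `snr_per_share` classes traces by the value of share 1 and computes the SNR of a sample that leaks share 1 and of a sample that leaks share 2; for a uniform secret the second SNR is exactly zero, for the small secret it is not, so a per-share SNR scan flags the wrong share's sample as a POI. `mutual_information` computes, exhaustively over all share values, the information the noise-free pair of Hamming weights gives about the secret under the encodings s = s1 + s2 and s = s1 - s2, which differ. The function names, the noise variance and the small modulus used for the uniform comparison are choices made for this example.

```python
"""Leakage-model arithmetic for a two-share arithmetic masking of a small CBD secret mod q.

Added illustration (not code from the paper): Hamming-weight leakage per share is assumed;
q and eta are the Kyber-768 values."""
from math import comb, log2

Q = 3329   # Kyber modulus
ETA = 2    # CBD parameter of Kyber-768 (assumed for the illustration)


def cbd_distribution(eta=ETA):
    """P(s) for s = a - b with a, b ~ Binomial(eta, 1/2): the centred binomial secret distribution."""
    return {s: sum(comb(eta, a) * comb(eta, a - s)
                   for a in range(eta + 1) if 0 <= a - s <= eta) / 4 ** eta
            for s in range(-eta, eta + 1)}


def hw(x):
    """Hamming weight of a non-negative integer."""
    return bin(x).count("1")


def second_share(s, s1, mode, q=Q):
    """Second share given the first: 'sum' encodes s = s1 + s2, 'sub' encodes s = s1 - s2 (mod q)."""
    return (s - s1) % q if mode == "sum" else (s1 - s) % q


def _var(xs):
    m = sum(xs) / len(xs)
    return sum((x - m) ** 2 for x in xs) / len(xs)


def snr_per_share(secret_dist, mode, noise_var=1.0, q=Q):
    """SNR of two leakage samples L_i = HW(share_i) + N(0, noise_var), with traces classed
    by the value of share 1 (uniform over Z_q). Returns (snr_sample1, snr_sample2).
    SNR = Var(E[L | class]) / E[Var(L | class)]; for a uniform secret share 2 is independent
    of share 1 so snr_sample2 is 0, for a small secret the shares are dependent and it is not."""
    hw_table = [hw(x) for x in range(q)]
    means2, intrinsic2 = [], []
    for c in range(q):                       # class c = value of share 1
        pairs = [(p, hw_table[second_share(s, c, mode, q)]) for s, p in secret_dist.items()]
        m = sum(p * h for p, h in pairs)
        means2.append(m)
        intrinsic2.append(sum(p * (h - m) ** 2 for p, h in pairs))
    snr1 = _var(hw_table) / noise_var        # share 1 is the class itself: no intrinsic variance
    snr2 = _var(means2) / (sum(intrinsic2) / q + noise_var)
    return snr1, snr2


def entropy_bits(dist):
    """Shannon entropy of a discrete distribution, in bits."""
    return -sum(p * log2(p) for p in dist.values() if p > 0)


def mutual_information(secret_dist, mode, q=Q):
    """Exact I(S; (HW(s1), HW(s2))) in bits for noise-free leakage of both shares,
    enumerating every s1 in Z_q. The value depends on the encoding ('sum' vs 'sub')."""
    joint = {}
    for s, ps in secret_dist.items():
        for s1 in range(q):
            key = (s, (hw(s1), hw(second_share(s, s1, mode, q))))
            joint[key] = joint.get(key, 0.0) + ps / q
    p_leak = {}
    for (s, leak), p in joint.items():
        p_leak[leak] = p_leak.get(leak, 0.0) + p
    return sum(p * log2(p / (secret_dist[s] * p_leak[leak])) for (s, leak), p in joint.items())


if __name__ == "__main__":
    cbd = cbd_distribution()
    print("CBD secret, sum encoding, SNR (share-1 sample, share-2 sample):", snr_per_share(cbd, "sum"))
    # Uniform secret: a small modulus keeps the exhaustive comparison fast; the result is 0.
    print("uniform secret mod 101, SNR:", snr_per_share({s: 1 / 101 for s in range(101)}, "sum", q=101))
    print("H(S) =", entropy_bits(cbd), "bits")
    print("I(S; leakage), sum encoding:", mutual_information(cbd, "sum"))
    print("I(S; leakage), sub encoding:", mutual_information(cbd, "sub"))
```

The uniform-secret comparison uses a small modulus only to keep the exhaustive enumeration cheap; the argument is the same for q = 3329, since for a uniform secret the second share is uniform whatever the first share is, so its conditional mean is the same in every class. The mutual information figures are for a noise-free Hamming-weight model of a single coefficient and are meant to show that the two encodings are not interchangeable, not to quantify a real device.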
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Country of publication | Belgium |
| Site | Springer |
| Likes | 0 |