A Hardware-Friendly Shuffling Countermeasure Against Side-Channel Attacks for Kyber
- URL: http://arxiv.org/abs/2407.02452v5
- Date: Sat, 05 Jul 2025 09:56:32 GMT
- Title: A Hardware-Friendly Shuffling Countermeasure Against Side-Channel Attacks for Kyber
- Authors: Dejun Xu, Kai Wang, Jing Tian
- Abstract summary: CRYSTALS-Kyber has been standardized as the only key-encapsulation mechanism (KEM) scheme by NIST to withstand attacks by large-scale quantum computers. We propose a secure and efficient hardware implementation for Kyber by incorporating a novel compact shuffling architecture.
- Score: 4.413722095749492
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: CRYSTALS-Kyber has been standardized as the only key-encapsulation mechanism (KEM) scheme by NIST to withstand attacks by large-scale quantum computers. However, side-channel attacks (SCAs) on its implementation still need to be carefully considered for the upcoming migration. In this brief, we propose a secure and efficient hardware implementation for Kyber by incorporating a novel compact shuffling architecture. First, we modify the Fisher-Yates shuffle to make it more hardware-friendly. We then design an optimized shuffling architecture for the well-known open-source Kyber hardware implementation to enhance the security of all known and potential side-channel leakage points. Finally, we implement the modified Kyber design on FPGA and evaluate its security and performance. The security is verified by conducting correlation power analysis (CPA) and test vector leakage assessment (TVLA) on the hardware. Meanwhile, FPGA place-and-route results show that the proposed design incurs only 8.7% degradation in hardware efficiency compared with the original unprotected version, much better than existing hardware hiding schemes.
Related papers
- Performance and Storage Analysis of CRYSTALS Kyber as a Post Quantum Replacement for RSA and ECC [49.1574468325115]
CRYSTALS-Kyber is a post-quantum cryptographic solution standardized by NIST in 2022. This study evaluates Kyber's practical viability through performance testing across various implementation schemes.
arXiv Detail & Related papers (2025-08-03T09:53:45Z)
- A Zero-overhead Flow for Security Closure [1.737435659602194]
Security has been largely neglected when evaluating the Quality of Results (QoR) from physical synthesis. We propose a modified ASIC design flow that is security-aware and does not degrade QoR for the sake of security improvement.
arXiv Detail & Related papers (2025-07-23T10:28:15Z)
- DP2Guard: A Lightweight and Byzantine-Robust Privacy-Preserving Federated Learning Scheme for Industrial IoT [37.44256772381154]
DP2Guard is a lightweight PPFL framework that enhances both privacy and robustness. A hybrid defense strategy is proposed, which extracts gradient features using singular value decomposition and cosine similarity. A trust score-based adaptive aggregation scheme adjusts client weights according to historical behavior.
arXiv Detail & Related papers (2025-07-22T01:06:39Z)
- CyFence: Securing Cyber-Physical Controllers via Trusted Execution Environment [45.86654759872101]
Cyber-physical systems (CPSs) have experienced a significant technological evolution and increased connectivity, at the cost of greater exposure to cyber-attacks. We propose CyFence, a novel architecture that improves the resilience of closed-loop control systems against cyber-attacks by adding a semantic check. We evaluate CyFence considering a real-world application, consisting of an active braking digital controller, demonstrating that it can mitigate different types of attacks with a negligible overhead.
arXiv Detail & Related papers (2025-06-12T12:22:45Z)
- Application of $\alpha$-order Information Metrics for Secure Communication in Quantum Physical Layer Design [45.41082277680607]
We study the $\alpha$-order information-theoretic metrics based on Rényi entropy.
We apply our framework to a practical scenario involving BPSK modulation over a lossy bosonic channel.
arXiv Detail & Related papers (2025-02-07T03:44:11Z)
- Rudraksh: A compact and lightweight post-quantum key-encapsulation mechanism [5.002862916626837]
Resource-constrained devices such as wireless sensors and Internet of Things (IoT) devices have become ubiquitous in our digital ecosystem.
Due to the impending threat of quantum computers on our existing public-key cryptographic schemes and the limited resources available on IoT devices, it is important to lightweight post-quantum cryptographic schemes suitable for these devices.
In this work, we explore the design space of learning with error-based PQC schemes to design a lightweight key-encapsulation mechanism (KEM) suitable for resource-constrained devices.
arXiv Detail & Related papers (2025-01-23T16:16:23Z)
- Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC).
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms).
arXiv Detail & Related papers (2024-11-21T18:26:05Z)
- Practical hybrid PQC-QKD protocols with enhanced security and performance [44.8840598334124]
We develop hybrid protocols by which QKD and PQC inter-operate within a joint quantum-classical network.
In particular, we consider different hybrid designs that may offer enhanced speed and/or security over the individual performance of either approach.
arXiv Detail & Related papers (2024-11-02T00:02:01Z)
- Designing Short-Stage CDC-XPUFs: Balancing Reliability, Cost, and Security in IoT Devices [2.28438857884398]
Physically Unclonable Functions (PUFs) generate unique cryptographic keys from inherent hardware variations.
Traditional PUFs like Arbiter PUFs (APUFs) and XOR Arbiter PUFs (XOR-PUFs) are susceptible to machine learning (ML) and reliability-based attacks.
We propose an optimized CDC-XPUF design that incorporates a pre-selection strategy to enhance reliability and introduces a novel lightweight architecture.
arXiv Detail & Related papers (2024-09-26T14:50:20Z)
- A Security Assessment tool for Quantum Threat Analysis [34.94301200620856]
The rapid advancement of quantum computing poses a significant threat to many current security algorithms used for secure communication, digital authentication, and information encryption.
A sufficiently powerful quantum computer could potentially exploit vulnerabilities in these algorithms, rendering data in insecure transit.
This work developed a quantum assessment tool for organizations, providing tailored recommendations for transitioning their security protocols into a post-quantum world.
arXiv Detail & Related papers (2024-07-18T13:58:34Z)
- Hardware-based stack buffer overflow attack detection on RISC-V architectures [42.170149806080204]
This work evaluates how well hardware-based approaches detect stack buffer overflow (SBO) attacks in RISC-V systems.
We conducted simulations on the PULP platform and examined micro-architecture events using semi-supervised anomaly detection techniques.
arXiv Detail & Related papers (2024-06-12T08:10:01Z)
- Efficient Fault Detection Architectures for Modular Exponentiation Targeting Cryptographic Applications Benchmarked on FPGAs [2.156170153103442]
We propose a lightweight fault detection architecture tailored for modular exponentiation.
Our approach achieves an error detection rate close to 100%, all while introducing a modest computational overhead of approximately 7%.
arXiv Detail & Related papers (2024-02-28T04:02:41Z)
- Carry Your Fault: A Fault Propagation Attack on Side-Channel Protected LWE-based KEM [12.164927192334748]
We propose a new fault attack on side-channel secure masked implementation of LWE-based key-encapsulation mechanisms.
We exploit the data dependency of the adder carry chain in A2B and extract sensitive information.
We show key recovery attacks of Kyber, although the leakage also exists for other schemes like Saber.
arXiv Detail & Related papers (2024-01-25T11:18:43Z)
- Practical quantum secure direct communication with squeezed states [55.41644538483948]
We report the first table-top experimental demonstration of a CV-QSDC system and assess its security.
This realization paves the way into future threat-less quantum metropolitan networks, compatible with coexisting advanced wavelength division multiplexing (WDM) systems.
arXiv Detail & Related papers (2023-06-25T19:23:42Z)
- ScionFL: Efficient and Robust Secure Quantized Aggregation [36.668162197302365]
We introduce ScionFL, the first secure aggregation framework for federated learning.
It operates efficiently on quantized inputs and simultaneously provides robustness against malicious clients.
We show that with no overhead for clients and moderate overhead for the server, we obtain comparable accuracy for standard FL benchmarks.
arXiv Detail & Related papers (2022-10-13T21:46:55Z)
- PolyMPCNet: Towards ReLU-free Neural Architecture Search in Two-party Computation Based Private Inference [23.795457990555878]
Secure multi-party computation (MPC) has been discussed, to enable the privacy-preserving deep learning (DL) computation.
MPCs often come at very high computation overhead, and potentially prohibit their popularity in large scale systems.
In this work, we develop a systematic framework, PolyMPCNet, of joint overhead reduction of MPC comparison protocol and hardware acceleration.
arXiv Detail & Related papers (2022-09-20T02:47:37Z)
- Improved coherent one-way quantum key distribution for high-loss channels [0.0]
We present a simple variant of COW-QKD and prove its security in the infinite-key limit.
Remarkably, the resulting key rate of our protocol is comparable with both the existing upper-bound on COW-QKD key rate and the secure key rate of the coherent-state BB84 protocol.
arXiv Detail & Related papers (2022-06-17T00:07:03Z)
- Improved Finite-Key Security Analysis of Quantum Key Distribution Against Trojan-Horse Attacks [0.0]
Most security proofs of quantum key distribution (QKD) disregard the effect of information leakage from the users' devices.
In a Trojan-horse attack, the eavesdropper injects strong light into the QKD apparatuses, and then analyzes the back-reflected light to learn information about their internal setting choices.
We derive finite-key security bounds for decoy-state-based QKD schemes in the presence of THAs, which significantly outperform previous analyses.
arXiv Detail & Related papers (2022-02-14T11:35:26Z)
- Secure quantum key distribution with a subset of malicious devices [0.0]
Malicious manipulation of quantum key distribution (QKD) hardware is a serious threat to its security.
One possible approach to re-establish the security of QKD is to use a redundant number of devices.
We introduce an efficient distributed QKD post-processing protocol and prove its security in a variety of corruption models of the possibly malicious devices.
arXiv Detail & Related papers (2020-06-25T12:29:06Z)
This list is automatically generated from the titles and abstracts of the papers in this site.