The reviewed record of science sign in
Pith

arxiv: 2407.02452 · v5 · pith:FRKO2LVY · submitted 2024-07-02 · cs.CR

A Hardware-Friendly Shuffling Countermeasure Against Side-Channel Attacks for Kyber

Reviewed by Pithpith:FRKO2LVYopen to challenge →

classification cs.CR
keywords hardwarekyberattacksdesignimplementationsecurityshufflingside-channel
0
0 comments X
read the original abstract

CRYSTALS-Kyber has been standardized as the only key-encapsulation mechanism (KEM) scheme by NIST to withstand attacks by large-scale quantum computers. However, the side-channel attacks (SCAs) on its implementation are still needed to be well considered for the upcoming migration. In this brief, we propose a secure and efficient hardware implementation for Kyber by incorporating a novel compact shuffling architecture. First of all, we modify the Fisher-Yates shuffle to make it more hardware-friendly. We then design an optimized shuffling architecture for the well-known open-source Kyber hardware implementation to enhance the security of all known and potential side-channel leakage points. Finally, we implement the modified Kyber design on FPGA and evaluate its security and performance. The security is verified by conducting correlation power analysis (CPA) and test vector leakage assessment (TVLA) on the hardware. Meanwhile, FPGA place-and-route results show that the proposed design reports only 8.7% degradation on the hardware efficiency compared with the original unprotected version, much better than existing hardware hiding schemes.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Exploring Side-Channel Protections in Hardware Implementations of PQC ML-KEM Verification

    cs.CR 2026-06 unverdicted novelty 4.0

    Experimental evaluation finds that higher-order masked ML-KEM FO verification still leaks first-order information on FPGAs due to parallelized hardware processing, allowing secret-key recovery.