International Association for Cryptologic Research


Transactions on Cryptographic Hardware and Embedded Systems, Volume 2022

Roulette: A Diverse Family of Feasible Fault Attacks on Masked Kyber


Jeroen Delvaux
Technology Innovation Institute


Keywords: Fault Attack, Kyber, Key-Encapsulation Mechanism, Lattice-Based Cryptography, Post-Quantum Cryptography


Abstract

At Indocrypt 2021, Hermelink, Pessl, and Pöppelmann presented a fault attack against Kyber in which a system of linear inequalities over the private key is generated and solved. The attack requires a laser and is, understandably, demonstrated with simulations—not actual equipment. We facilitate and diversify the attack in four ways, thereby admitting cheaper and more forgiving fault-injection setups. Firstly, the attack surface is enlarged: originally, the two input operands of the ciphertext comparison are covered, and we additionally cover re-encryption modules such as binomial sampling and butterflies in the last layer of the inverse number-theoretic transform (INTT). This extra surface also allows an attacker to bypass the custom countermeasure that was proposed in the Indocrypt paper. Secondly, the fault model is relaxed: originally, precise bit flips are required, and we additionally support set-to-0 faults, random faults, arbitrary bit flips, and instruction skips. Thirdly, masking and blinding methods that randomize intermediate variables kindly help our attack, whereas the Indocrypt attack is, like most other fault attacks, either hindered or unaltered by countermeasures against passive side-channel analysis (SCA). Randomization helps because we randomly fault intermediate prime-field elements until a desired set of values is hit. If these prime-field elements are represented on a circle, which is a common visualization, our attack is analogous to spinning a roulette wheel until the ball lands in a desired set of pockets. Hence, the nickname. Fourthly, we accelerate and improve the error tolerance of solving the system of linear inequalities: run times of roughly 100 minutes are reduced to roughly one minute, and inequality error rates of roughly 1% are relaxed to roughly 25%. Benefiting from the four advances above, we use a reasonably priced ChipWhisperer® board to break a masked implementation of Kyber running on an ARM Cortex-M4 through clock glitching.

Publication

Transactions on Cryptographic Hardware and Embedded Systems, Volume 2022, Issue 4

Artifact

Artifact number
tches/2022/a23

Artifact published
November 6, 2022

README

ZIP (1.3 MB)

How to cite

Delvaux, J. (2022). Roulette: A Diverse Family of Feasible Fault Attacks on Masked Kyber. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022(4), 637–660. https://doi.org/10.46586/tches.v2022.i4.637-660. Artifact available at https://artifacts.iacr.org/tches/2022/a23