Side-channel attacks on CRYSTALS-KYBER, countermeasures and comparison with SKELYA (DSTU 8961-2019)

Although the mathematical problems used in post-quantum cryptography algorithms appear to be mathematically secure, a class of attacks known as side-channel attacks may prove to be a threat to the security of such algorithms. Side-channel attacks affect the hardware on which the cryptographic algorithm runs, they are not attacks on the algorithm itself. The good news is that side-channel analysis on new post-quantum cryptographic algorithms started early, even before the algorithms were standardized, given that older algorithms still face side-channel problems. Kyber is a lattice-based post-quantum algorithm based on the complexity of the M-LWE problem. Kyber offers a secure public key encryption (PKE) scheme against a chosen plaintext attack (CPA) and a secure key encapsulation mechanism against a chosen ciphertext attack (CCA). This paper provides a study of side-channel and fault-injection attacks on lattice-based schemes, with focus on the Kyber (KEM). Considering the wide range of known attacks, the protection of the algorithm requires the implementation of individual countermeasures. The paper presents and tests a number of countermeasures capable of providing/improving protection against existing SCA/FIA for Kyber KEM. The obtained results show that the presented countermeasures incur a reasonable performance cost. Therefore, the use of special countermeasures in real implementations of lattice-based schemes, either alone or as an augmentation of general countermeasures, is necessary.