A team of researchers from the KTH Royal Institute of Technology has uncovered a vulnerability in one of the encryption algorithms selected by the U.S. government as a quantum-resistant solution. According to Elena Dubrova, Kalle Ngo, and Joel Gärtner, the vulnerability is in the implementation of CRYSTALS-Kyber, which is susceptible to “side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU.”
The U.S. National Institute of Standards and Technology (NIST) chose CRYSTALS-Kyber, along with three other post-quantum algorithms, after conducting a rigorous multi-year effort to identify the next-generation encryption standards that can withstand massive advances in computing power.
What is a side-channel attack?
A side-channel attack is a method of extracting confidential information from a cryptosystem by analyzing physical parameters such as supply current, execution time, and electromagnetic emission.
The idea behind a side-channel attack is that the physical effects produced as a result of a cryptographic implementation can be utilized to decode and deduce sensitive data, such as encryption keys and ciphertext.
Masking as a countermeasure
Masking is a well-known countermeasure for hardening cryptographic implementations against physical attacks. It randomizes the computation and separates the side-channel data from the secret-dependent cryptographic variables.
This technique splits every sensitive intermediate variable of the cryptographic algorithm into multiple shares using secret sharing and performs the computation on the shares.
The unshared sensitive variables never appear during the computation; only after it completes is the shared output recombined to reveal its unmasked value.
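As an added illustration (not code from the KTH paper or from the Kyber reference implementation), the following Python sketches arithmetic masking modulo Kyber's q = 3329 at fifth order, i.e. six shares per coefficient: linear operations are applied share by share, the plain value exists only at recombination, and the non-linear message-decoding comparison is left unmasked to show why that stage needs special treatment. The function names and the `ORDER` constant are assumptions for this example.

```python
import secrets

Q = 3329    # Kyber's modulus; polynomial coefficients live in Z_q
ORDER = 5   # fifth-order masking => ORDER + 1 = 6 shares per coefficient

def mask(x, order=ORDER):
    """Split x into order+1 arithmetic shares that sum to x mod Q.
    The first `order` shares are uniformly random, so any `order` of them
    together carry no information about x; only the full set reveals it."""
    shares = [secrets.randbelow(Q) for _ in range(order)]
    shares.append((x - sum(shares)) % Q)
    return shares

def unmask(shares):
    """Recombine the shares; this is the only point where the plain value exists."""
    return sum(shares) % Q

def masked_add(a, b):
    """Share-wise addition: (a0+b0, a1+b1, ...) encodes a + b."""
    return [(x + y) % Q for x, y in zip(a, b)]

def masked_add_const(a, c):
    """Adding a public constant touches a single share only."""
    return [(a[0] + c) % Q] + a[1:]

def masked_scale(a, k):
    """Multiplying by a public scalar is linear, so it is applied per share."""
    return [(x * k) % Q for x in a]

def refresh(a):
    """Re-randomise a sharing without changing the encoded value by adding a
    fresh sharing of zero, so shares of one variable are never reused
    unchanged across operations (constructed helper, not from the paper)."""
    return masked_add(a, mask(0, len(a) - 1))

def decode_bit(coef):
    """Kyber's message decoding on an UNMASKED coefficient (Compress_q(x, 1)):
    1 if the coefficient is closer to q/2 than to 0 or q. The comparison is
    non-linear, so a masked decoder needs an arithmetic-to-Boolean conversion;
    that is the stage a side-channel attack on message bits focuses on."""
    return ((2 * coef + Q // 2) // Q) & 1

def demo():
    """Compute (3 * s + 100) mod q entirely on shares, then recombine."""
    s = 1234                           # constructed secret coefficient
    shares = refresh(masked_add_const(masked_scale(mask(s), 3), 100))
    return unmask(shares)              # 3802 % 3329 == 473
```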
The new attack method using deep learning
The researchers’ attack method utilizes a neural network training technique called recursive learning to recover message bits with a high degree of success. “Deep learning-based side-channel attacks can overcome conventional countermeasures such as masking, shuffling, random delays insertion, constant-weight encoding, code polymorphism, and randomized clock,” the researchers noted.
In conclusion, this vulnerability in CRYSTALS-Kyber highlights the continuous need for advanced research and development to create and improve quantum-resistant encryption algorithms. As quantum computing becomes more sophisticated, the demand for secure encryption technology will continue to grow.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among other credentials, he holds the CISSP, CISA, CISM, ITIL, COBIT and PRINCE2 certifications, but his broad knowledge and technical management capabilities go beyond them. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more areas.