25 Jan 2024 | Suparna Kundu, Siddhartha Chowdhury, Sayandeep Saha, Angshuman Karmakar, Debdeep Mukhopadhyay, Ingrid Verbauwhede
This paper introduces a novel fault attack on side-channel secure masked implementations of LWE-based key-encapsulation mechanisms (KEMs). The attack leverages the data dependency of the adder carry chain in the Arithmetic-to-Boolean (A2B) conversion, which is a critical component in masking algorithms. Despite the presence of masking, the attack extracts sensitive information by exploiting the carry propagation logic. The attack targets the decapsulation module of Kyber, a CCA-secure KEM, and uses Belief Propagation (BP) to recover the secret key. The effectiveness of the attack is demonstrated through key recovery experiments on an open-source first-order masked implementation of Kyber running on an STM32 platform, achieving key recovery with 1.9 million injections. The attack is practical and robust, as it remains effective even with increased SCA security. The paper also discusses the differences in the attack between Kyber and Saber, another LWE-based KEM, and provides a detailed analysis of the fault propagation mechanism.