
Researchers found leak in cryptographic algorithm

Joel Gärtner and Kalle Ngo
Published Apr 18, 2023

New and better methods are needed to protect sensitive data from hackers. This is the conclusion KTH researchers reached when they managed to break an implementation of CRYSTALS-Kyber, a post-quantum cryptography algorithm considered resistant to quantum computer attacks.

To protect sensitive data and secret information, the US National Institute of Standards and Technology (NIST) has recently selected CRYSTALS-Kyber as a new standard for key establishment. To test whether it keeps its promises, KTH researchers Elena Dubrova, Kalle Ngo and Joel Frisk Gärtner subjected CRYSTALS-Kyber to side-channel analyses by looking at the power consumption.

For today’s crypto algorithms to be useful, the algorithm is translated into program code, which runs on a digital processor. During the execution of the encryption and decryption procedures, a side-channel attacker can record the small variations in power consumption. These “power traces” can be analysed to infer the values the processor has manipulated, added, multiplied, stored, and so on.

“CRYSTALS-Kyber includes special protections ensuring that the actual output of the algorithm does not leak any sensitive data to an attacker. However, as we performed a side-channel attack, we were able to bypass these protections completely”, says Gärtner.

AI is able to see through

Side-channel attacks are not new, which is why countermeasures are often employed in an attempt to thwart them. One of the most prominent of these is known as “masking”. In the masking countermeasure, secret data is split into multiple shares.

Researchers at KTH have shown these power traces to an Artificial Neural Network (ANN) and taught it to recognise these combined patterns, effectively showing that an AI is able to easily ‘see through’ this masking. This has major security implications for implementations relying on masking as the sole countermeasure against side-channel analysis.
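
A simplified illustration of why the shares' combined leakage matters, added here and not code from the KTH researchers or from any CRYSTALS-Kyber implementation. It assumes two-share Boolean (XOR) masking of a single byte and a noise-free Hamming-weight power model; all function names are hypothetical.

```python
# Added illustration: 2-share Boolean masking of one byte under an assumed
# Hamming-weight power model. All names and sample values are constructed.

def hw(v):
    """Hamming weight, the assumed (noise-free) power-leakage model."""
    return bin(v).count("1")

def shares(secret, mask):
    """Split a secret byte into two Boolean shares: secret == s0 ^ s1."""
    return mask, secret ^ mask

def first_order_mean(secret):
    """Average leakage of each share on its own, over every possible mask."""
    pairs = [shares(secret, m) for m in range(256)]
    return (sum(hw(a) for a, _ in pairs) / 256,
            sum(hw(b) for _, b in pairs) / 256)

def second_order_stat(secret):
    """Covariance of the two shares' leakages, over every possible mask."""
    mu0, mu1 = first_order_mean(secret)
    return sum((hw(a) - mu0) * (hw(b) - mu1)
               for a, b in (shares(secret, m) for m in range(256))) / 256

if __name__ == "__main__":
    for secret in (0x00, 0x0F, 0x3C, 0xFF):  # constructed sample secrets
        print(f"secret={secret:#04x} "
              f"per-share mean={first_order_mean(secret)} "
              f"joint covariance={second_order_stat(secret):+.2f}")
```

Each share on its own leaks the same average for every secret, while the joint statistic varies with the secret's Hamming weight, which is the kind of combined pattern a single-share view cannot show.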

“With the development of quantum computing, the security of communications is a concern for many organizations. CRYSTALS-Kyber is just one example of how to protect information. Algorithmic security is only one face of a 2-sided coin. We need to be aware that AI-assisted side-channel analysis is a powerful tool that can potentially grant superpowers to a hacker”, says Ngo.

At the end of March, the results were presented at the Real World Crypto Symposium in Tokyo.


Emelie Smedslund
