Side-Channel Attacks on Post-Quantum PKE/KEMs and Digital Signatures
Time: Mon 2025-11-17 13.00
Location: F3 (Flodis), Lindstedtsvägen 26 & 28, Stockholm
Video link: https://kth-se.zoom.us/j/66638877349
Language: English
Subject area: Information and Communication Technology
Doctoral student: Ruize Wang , Elektronik och inbyggda system
Opponent: Professor Elisabeth Oswald, University of Klagenfurt, Klagenfurt am Wörthersee, Austria
Supervisor: Professor Elena Dubrova, Elektronik och inbyggda system; Professor Zhonghai Lu, Elektronik och inbyggda system
QC 20251019
Abstract
Traditional public key cryptosystems rely on the hardness of specific mathematical problems, such as integer factorization and discrete logarithm problem. However, these problems can be solved efficiently by Shor's algorithm on a large-scale quantum computer. Although the development of quantum computers has progressed slowly over the past 40 years, it is estimated that a cryptographically relevant quantum computer is likely to be available in 2040, which intensifies the need for quantum-resistant cryptographic algorithms. In response to the quantum threat, in 2016, NIST launched a competition for standardizing post-quantum cryptographic primitives. In August 2024, NIST selected CRYSTALS-Kyber as the public key encryption and key encapsulation standard, and CRYSTALS-Dilithium as the digital signature standard.
However, algorithms which are secure from the perspective of conventional cryptanalysis may still be vulnerable to physical attacks, such as side-channel attacks. This thesis evaluates the resilience of software implementations of three lattice-based post-quantum cryptographic algorithms: Saber, CRYSTALS-Kyber, and CRYSTALS-Dilithium to side-channel attacks.
The presented results are based on seven appended papers. Two of them focus on side-channel attacks on Saber, four target CRYSTALS-Kyber, and one considers CRYSTALS-Dilithium. The main contributions of the thesis are:
- We evaluate and compare power side-channel and EM side-channel attacks, pointing that amplitude-modulated EM emissions are typically weaker and require a higher sampling rate for secret recovery. We also investigate the difficulty of performing attacks on protected and unprotected implementations.
- We propose several methods to improve the attack efficiency. For example, a novel neural network model aggregation technique called threshold voting is introduced for deep learning-based attacks. A higher-order attack on CRYSTALS-Kyber is presented by combining the leakages from Barrett reduction and message decoding. Furthermore, an optimal chosen-ciphertext construction strategy is developed to maximize the probability of secret key recovery given a fixed probability of message bit recovery.
- We provide a thorough discussion of various attack scenarios, including attacks on encapsulation, decapsulation, and signing procedures. For each scenario, we outline the assumptions and requirements for a successful attack.
- We present countermeasures to mitigate side-channel attacks at both the algorithmic and hardware levels. We also discuss the limitations of these countermeasures, as well as the challenges associated with deep learning-based attacks.
Most of the methods presented in this thesis are not limited to the specific algorithms described in the papers, and can be extended to other algorithms that are similar to Saber, CRYSTALS-Kyber, and CRYSTALS-Dilithium.