Welcome to the resource topic for 2023/1220
Quasi-linear Masking to Protect Kyber against both SCA and FIA
Authors: Pierre-Augustin BERTHET, Cédric Tavernier, Jean-Luc Danger, Laurent SauvageAbstract:
The recent technological advances in Post-Quantum Cryptography (PQC) rise the questions of robust implementations of new asymmetric cryptographic primitives in today’s technology. This is the case for the lattice-based CRYSTALS-Kyber algorithm which has been selected as the first NIST standard for Public Key Encryption (PKE) and Key Encapsulation Mechanisms (KEM). We have notably to make sure the Kyber implementation is resilient against physical attacks like Side-Channel Analysis (SCA) and Fault Injection Attacks (FIA). To reach this goal, we propose to use the masking countermeasure, more precisely the generic Direct Sum Masking method (DSM). By taking inspiration of a previous paper on AES, we extend the method to finite fields of characteristic prime other than 2 and even-length codes. In particular, we investigated its
application to Keccak, which is the hash-based function used in Kyber. We also provided the first masked implementation of Kyber providing both SCA and FIA resilience while not requiring any conversion between different masking methods.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .