
Carry Your Fault: A Fault Propagation Attack on Side-Channel Protected LWE-based KEM

Suparna Kundu, Siddhartha Chowdhury, Sayandeep Saha, Angshuman Karmakar, Debdeep Mukhopadhyay, Ingrid Verbauwhede

TL;DR

The paper presents a new fault attack that exploits the Arithmetic-to-Boolean (A2B) conversion in the masked decapsulation of LWE-based KEMs: a fault injected into the adder carry chain propagates in a data-dependent way and leaks a secret-dependent noise bit. By modeling the resulting decryption failures as a system of inequalities and solving them with Belief Propagation, the authors recover the long-term secret key of Kyber from masked implementations (the leakage, they note, also exists in Saber). They validate the approach with both simulated fault injections and practical EM fault injections on an STM32 platform, showing feasibility under realistic fault models together with noise-relief techniques. The work highlights a cross-attack vulnerability: a masking countermeasure against side-channel attacks can itself introduce a new leakage path for fault attacks, which calls for integrated, robust defenses and careful masking design in PQC deployments.

Abstract

Post-quantum cryptographic (PQC) algorithms, especially those based on the learning with errors (LWE) problem, have been subjected to several physical attacks in the recent past. Although the attacks broadly belong to two classes, passive side-channel attacks and active fault attacks, the attack strategies vary significantly due to the inherent complexities of such algorithms. Exploring further attack surfaces is, therefore, an important step for eventually securing the deployment of these algorithms. Also, it is important to test the robustness of the already proposed countermeasures in this regard. In this work, we propose a new fault attack on side-channel secure masked implementations of LWE-based key-encapsulation mechanisms (KEMs) exploiting fault propagation. The attack typically originates from an algorithmic modification widely used to enable masking, namely the Arithmetic-to-Boolean (A2B) conversion. We exploit the data dependency of the adder carry chain in A2B and extract sensitive information, even though masking (of arbitrary order) is present. As a practical demonstration of the exploitability of this information leakage, we show key recovery attacks on Kyber, although the leakage also exists for other schemes like Saber. The attack on Kyber targets the decapsulation module and utilizes Belief Propagation (BP) for key recovery. To the best of our knowledge, it is the first attack exploiting an algorithmic component introduced to ease masking rather than only exploiting the randomness introduced by masking to obtain desired faults (as done by Delvaux). Finally, we performed both simulated and electromagnetic (EM) fault-based practical validation of the attack for an open-source first-order secure Kyber implementation running on an STM32 platform.

Paper Structure

This paper contains 19 sections, 3 theorems, 8 equations, 11 figures, 6 tables, 3 algorithms.

Key Result

Lemma 1

If we introduce a stuck-at-1 fault at $x^{(k-1)}$, the fault activates with probability $\frac{1}{2}$. The activated fault propagates to $z^{(k)}$ (i.e., $z^{*(k)} = \overline{z^{(k)}}$) if and only if $z^{(k-1)} = 1$.
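To make the lemma concrete, the following added Python check (not code from the paper) models the A2B adder as plain modular addition of two arithmetic shares, $z = x + y \bmod 2^n$, injects a stuck-at-1 fault at bit $k-1$ of $x$, and exhaustively verifies both claims: the fault activates for exactly half of the inputs, and, once active, bit $k$ of the output flips if and only if $z^{(k-1)} = 1$. The adder model, the fault model and the function names are assumptions made for this illustration.

```python
"""Exhaustive check of the carry-propagation lemma on a ripple-carry adder.

Assumption (not from the paper): the A2B adder is modelled as z = x + y mod 2^n
on two arithmetic shares, and a stuck-at-1 fault forces bit k-1 of x to 1.
"""
from fractions import Fraction
from itertools import product


def bit(v: int, i: int) -> int:
    """Return bit i of v."""
    return (v >> i) & 1


def faulted_add(x: int, y: int, n: int, k: int):
    """Add x + y mod 2^n with a stuck-at-1 fault at bit k-1 of x.

    Returns (z, z_faulty, activated). The fault is only 'activated' when the
    stuck-at value differs from the correct bit, i.e. when x^(k-1) == 0.
    """
    mask = (1 << n) - 1
    z = (x + y) & mask
    x_faulty = x | (1 << (k - 1))          # stuck-at-1 on bit k-1 of x
    return z, (x_faulty + y) & mask, x_faulty != x


def leaked_bit(z: int, z_faulty: int, k: int) -> int:
    """What an observer who only learns whether bit k changed can infer.

    By the lemma this equals z^(k-1) whenever the fault was activated.
    """
    return int(bit(z_faulty, k) != bit(z, k))


def check_lemma(n: int, k: int):
    """Exhaustively test the lemma for an n-bit adder and 1 <= k <= n-1.

    Returns (lemma_holds, activation_probability).
    """
    activated = total = 0
    for x, y in product(range(1 << n), repeat=2):
        z, z_faulty, active = faulted_add(x, y, n, k)
        total += 1
        if not active:
            if z_faulty != z:            # an inactive fault must be invisible
                return False, None
            continue
        activated += 1
        # Active fault: bit k flips exactly when the carry out of bit k-1 flips,
        # and adding 2^(k-1) produces that carry iff z^(k-1) == 1.
        if leaked_bit(z, z_faulty, k) != bit(z, k - 1):
            return False, None
    return True, Fraction(activated, total)
```

Running `check_lemma(6, 3)` walks all 4096 share pairs of a 6-bit adder and confirms the 1/2 activation rate and the carry condition; the same holds for every valid k.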

Figures (11)

  • Figure 1: $\mathtt{LPR}{.}\mathtt{PKE}$ [DBLP:conf/eurocrypt/LyubashevskyPR10]
  • Figure 2: CCA secure $\mathtt{LPR}{.}\mathtt{KEM}$ [Jiang2017]
  • Figure 3: $\mathtt{Compress}$, $\mathtt{Decompress}$, $\mathtt{Encode}$, and $\mathtt{Decode}$ functions of $\mathtt{Kyber}$ [Kyber-Kem]
  • Figure 4: First-order masked $\mathtt{Saber}.\mathtt{KEM}.\mathtt{Decaps}$ algorithm [FO-masked-saber]. The operations highlighted in gray are influenced by the non-ephemeral secret key $\pmb{s}$ and use masking to prevent SCA. The component we focus on in this work is enclosed by the red rectangle.
  • Figure 5: The steps of the masked decoding algorithm of Kyber presented in Algorithm \ref{algo:masked-decode} [1st-order_masked_comparator].
  • ...and 6 more figures

Theorems & Definitions (6)

  • Lemma 1
  • Proof
  • Lemma 2
  • Proof
  • Lemma 3
  • Proof