MulLeak: Exploiting Multiply Instruction Leakage to Attack the Stack-optimized Kyber Implementation on Cortex-M4
CRYSTALS-Kyber, one of the NIST PQC standardization schemes, has garnered considerable attention from researchers in recent years for its side-channel security. Various targets have been explored in previous studies; however, research on extracting secret information from stack-optimized implementa...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ruhr-Universität Bochum
2025-03-01
|
| Series: | Transactions on Cryptographic Hardware and Embedded Systems |
| Subjects: | |
| Online Access: | https://tches.iacr.org/index.php/TCHES/article/view/12041 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850072243235717120 |
|---|---|
| author | Fan Huang Xiaolin Duan Chengcong Hu Mengce Zheng Honggang Hu |
| author_facet | Fan Huang Xiaolin Duan Chengcong Hu Mengce Zheng Honggang Hu |
| author_sort | Fan Huang |
| collection | DOAJ |
| description |
CRYSTALS-Kyber, one of the NIST PQC standardization schemes, has garnered considerable attention from researchers in recent years for its side-channel security. Various targets have been explored in previous studies; however, research on extracting secret information from stack-optimized implementations targeting the Cortex-M4 remains scarce, primarily due to the lack of memory access operations, which increases the difficulty of attacks.
This paper shifts the focus to the leakage of multiply instructions and present a novel cycle-level regression-based leakage model for the following attacks. We target the polynomial multiplications in decryption process of the stack-optimized implementation targeting the Cortex-M4, and propose two regression-based profiled attacks leveraging known ciphertext and chosen ciphertext methodologies to recover the secret coefficients individually. The later one can also be extended to the protected implementation.
Our practical evaluation, conducted on the stack-optimized Kyber-768 implementation from the pqm4 repository, demonstrates the effectiveness of the proposed attacks. Focusing on the leakage from the pair-pointwise multiplication, specifically the macro doublebasemul_frombytes_asm, we successfully recover all secret coefficients with a success rate exceeding 95% using a modest number of traces for each attack. This research underscores the potential vulnerabilities in PQC implementations against side-channel attacks and contributes to the ongoing discourse on the physical security of cryptographic algorithms.
|
| format | Article |
| id | doaj-art-53e753002edf4264a0ad00d3cc49da7b |
| institution | DOAJ |
| issn | 2569-2925 |
| language | English |
| publishDate | 2025-03-01 |
| publisher | Ruhr-Universität Bochum |
| record_format | Article |
| series | Transactions on Cryptographic Hardware and Embedded Systems |
| spelling | doaj-art-53e753002edf4264a0ad00d3cc49da7b2025-08-20T02:47:07ZengRuhr-Universität BochumTransactions on Cryptographic Hardware and Embedded Systems2569-29252025-03-012025210.46586/tches.v2025.i2.23-68MulLeak: Exploiting Multiply Instruction Leakage to Attack the Stack-optimized Kyber Implementation on Cortex-M4Fan Huang0Xiaolin Duan1Chengcong Hu2Mengce Zheng3Honggang Hu4School of Cyber Science and Technology, University of Science and Technology of China, Hefei, ChinaSchool of Cyber Science and Technology, University of Science and Technology of China, Hefei, ChinaSchool of Cyber Science and Technology, University of Science and Technology of China, Hefei, ChinaZhejiang Wanli University, Ningbo, ChinaSchool of Cyber Science and Technology, University of Science and Technology of China, Hefei, China; Hefei National Laboratory, Hefei, China CRYSTALS-Kyber, one of the NIST PQC standardization schemes, has garnered considerable attention from researchers in recent years for its side-channel security. Various targets have been explored in previous studies; however, research on extracting secret information from stack-optimized implementations targeting the Cortex-M4 remains scarce, primarily due to the lack of memory access operations, which increases the difficulty of attacks. This paper shifts the focus to the leakage of multiply instructions and present a novel cycle-level regression-based leakage model for the following attacks. We target the polynomial multiplications in decryption process of the stack-optimized implementation targeting the Cortex-M4, and propose two regression-based profiled attacks leveraging known ciphertext and chosen ciphertext methodologies to recover the secret coefficients individually. The later one can also be extended to the protected implementation. Our practical evaluation, conducted on the stack-optimized Kyber-768 implementation from the pqm4 repository, demonstrates the effectiveness of the proposed attacks. Focusing on the leakage from the pair-pointwise multiplication, specifically the macro doublebasemul_frombytes_asm, we successfully recover all secret coefficients with a success rate exceeding 95% using a modest number of traces for each attack. This research underscores the potential vulnerabilities in PQC implementations against side-channel attacks and contributes to the ongoing discourse on the physical security of cryptographic algorithms. https://tches.iacr.org/index.php/TCHES/article/view/12041Post-quantum CryptographyKyberLinear RegressionProfiled AttackCycle-level Power Leakage |
| spellingShingle | Fan Huang Xiaolin Duan Chengcong Hu Mengce Zheng Honggang Hu MulLeak: Exploiting Multiply Instruction Leakage to Attack the Stack-optimized Kyber Implementation on Cortex-M4 Transactions on Cryptographic Hardware and Embedded Systems Post-quantum Cryptography Kyber Linear Regression Profiled Attack Cycle-level Power Leakage |
| title | MulLeak: Exploiting Multiply Instruction Leakage to Attack the Stack-optimized Kyber Implementation on Cortex-M4 |
| title_full | MulLeak: Exploiting Multiply Instruction Leakage to Attack the Stack-optimized Kyber Implementation on Cortex-M4 |
| title_fullStr | MulLeak: Exploiting Multiply Instruction Leakage to Attack the Stack-optimized Kyber Implementation on Cortex-M4 |
| title_full_unstemmed | MulLeak: Exploiting Multiply Instruction Leakage to Attack the Stack-optimized Kyber Implementation on Cortex-M4 |
| title_short | MulLeak: Exploiting Multiply Instruction Leakage to Attack the Stack-optimized Kyber Implementation on Cortex-M4 |
| title_sort | mulleak exploiting multiply instruction leakage to attack the stack optimized kyber implementation on cortex m4 |
| topic | Post-quantum Cryptography Kyber Linear Regression Profiled Attack Cycle-level Power Leakage |
| url | https://tches.iacr.org/index.php/TCHES/article/view/12041 |
| work_keys_str_mv | AT fanhuang mulleakexploitingmultiplyinstructionleakagetoattackthestackoptimizedkyberimplementationoncortexm4 AT xiaolinduan mulleakexploitingmultiplyinstructionleakagetoattackthestackoptimizedkyberimplementationoncortexm4 AT chengconghu mulleakexploitingmultiplyinstructionleakagetoattackthestackoptimizedkyberimplementationoncortexm4 AT mengcezheng mulleakexploitingmultiplyinstructionleakagetoattackthestackoptimizedkyberimplementationoncortexm4 AT hongganghu mulleakexploitingmultiplyinstructionleakagetoattackthestackoptimizedkyberimplementationoncortexm4 |