International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Post-Quantum Authenticated Encryption against Chosen-Ciphertext Side-Channel Attacks

Melissa Azouaoui , NXP Semiconductors
Yulia Kuzovkova , NXP Semiconductors
Tobias Schneider , NXP Semiconductors
Christine van Vredendaal , NXP Semiconductors
Search ePrint
Search Google
Presentation: Slides
Abstract: Over the last years, the side-channel analysis of Post-Quantum Cryptography (PQC) candidates in the NIST standardization initiative has received increased attention. In particular, it has been shown that some post-quantum Key Encapsulation Mechanisms (KEMs) are vulnerable to Chosen-Ciphertext Side-Channel Attacks (CC-SCA). These powerful attacks target the re-encryption step in the Fujisaki-Okamoto (FO) transform, which is commonly used to achieve CCA security in such schemes. To sufficiently protect PQC KEMs on embedded devices against such a powerful CC-SCA, masking at increasingly higher order is required, which induces a considerable overhead. In this work, we propose a conceptually simple construction, the EtS KEM, that alleviates the impact of CC-SCA. It uses the EtS paradigm introduced by An, Dodis and Rabin at EUROCRYPT '02, and instantiates a post-quantum authenticated KEM in the outsider-security model. While the construction is generic, we apply it to the CRYSTALS-Kyber KEM, relying on the CRYSTALS-Dilithium and Falcon signature schemes, and show that a CC-SCA-protected EtS KEM version of CRYSTALS-Kyber requires less than 10% of the cycles required for the CC-SCA-protected FO-based KEM. We additionally show that the cost of protecting the EtS KEM against fault injection attacks, necessarily due to the added signature verification, remains negligible compared to the large cost of masking the FO transform at higher orders. Lastly, we discuss relevant embedded use cases for our EtS KEM construction.
  title={Post-Quantum Authenticated Encryption against Chosen-Ciphertext Side-Channel Attacks},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  volume={2022, Issue 4},
  author={Melissa Azouaoui and Yulia Kuzovkova and Tobias Schneider and Christine van Vredendaal},