A Hardware-Friendly Shuffling Countermeasure Against Side-Channel Attacks for Kyber

TL;DR

This paper introduces a hardware-efficient shuffling countermeasure for Kyber that enhances resistance to side-channel attacks with minimal performance impact, suitable for FPGA implementations.

Contribution

It presents a modified Fisher-Yates shuffle and an optimized shuffling architecture tailored for Kyber, improving security against side-channel attacks with low hardware overhead.

Findings

Security verified by CPA and TVLA tests.

Only 8.7% hardware efficiency degradation.

Outperforms existing hardware hiding schemes.

Abstract

CRYSTALS-Kyber has been standardized as the only key-encapsulation mechanism (KEM) scheme by NIST to withstand attacks by large-scale quantum computers. However, the side-channel attacks (SCAs) on its implementation are still needed to be well considered for the upcoming migration. In this brief, we propose a secure and efficient hardware implementation for Kyber by incorporating a novel compact shuffling architecture. First of all, we modify the Fisher-Yates shuffle to make it more hardware-friendly. We then design an optimized shuffling architecture for the well-known open-source Kyber hardware implementation to enhance the security of all known and potential side-channel leakage points. Finally, we implement the modified Kyber design on FPGA and evaluate its security and performance. The security is verified by conducting correlation power analysis (CPA) and test vector leakage assessment (TVLA) on the hardware. Meanwhile, FPGA place-and-route results show that the proposed design reports only 8.7% degradation on the hardware efficiency compared with the original unprotected version, much better than existing hardware hiding schemes.