Trojan-Resilient NTT: Protecting Against Control Flow and Timing Faults on Reconfigurable Platforms

TL;DR

This paper introduces a secure Number Theoretic Transform (NTT) architecture for reconfigurable platforms that detects and corrects control flow and timing faults caused by hardware Trojans and side-channel attacks, enhancing PQC hardware security.

Contribution

The paper proposes a novel secure NTT design that detects unconventional delays and control-flow disruptions, with an adaptive fault-correction method, validated on FPGA with high success rate.

Findings

Efficient fault detection and correction on FPGA for various Kyber variants.

High success rate in detecting and mitigating hardware Trojan-induced faults.

Modest area and time overheads introduced by the proposed security modules.

Abstract

Number Theoretic Transform (NTT) is the most essential component for polynomial multiplications used in lattice-based Post-Quantum Cryptography (PQC) algorithms such as Kyber, Dilithium, NTRU etc. However, side-channel attacks (SCA) and hardware vulnerabilities in the form of hardware Trojans may alter control signals to disrupt the circuit's control flow and introduce unconventional delays in the critical hardware of PQC. Hardware Trojans, especially on control signals, are more low cost and impactful than data signals because a single corrupted control signal can disrupt or bypass entire computation sequences, whereas data faults usually cause only localized errors. On the other hand, adversaries can perform Soft Analytical Side Channel Attacks (SASCA) on the design using the inserted hardware Trojan. In this paper, we present a secure NTT architecture capable of detecting unconventional delays, control-flow disruptions, and SASCA, while providing an adaptive fault-correction methodology for their mitigation. Extensive simulations and implementations of our Secure NTT on Artix-7 FPGA with different Kyber variants show that our fault detection and correction modules can efficiently detect and correct faults whether caused unintentionally or intentionally by hardware Trojans with a high success rate, while introducing only modest area and time overheads.