A side-channel attack on a masked hardware implementation of CRYSTALS-Kyber

NIST has recently selected CRYSTALS-Kyber as a new public key encryption and key establishment algorithm to be standardized. This makes it important to evaluate the resistance of CRYSTALS-Kyber implementations to side-channel attacks. Software implementations of CRYSTALS-Kyber have already been thoroughly analysed. The discovered vulnerabilities have helped improve subsequently released versions and promoted stronger countermeasures against side-channel attacks. In this paper, we present the first attack on a protected hardware implementation of CRYSTALS-Kyber. We demonstrate a practical message (shared key) recovery attack on the first-order masked FPGA implementation of Kyber-512 by Kamucheka et al. (2022) using power analysis based on the Hamming distance leakage model. The presented attack exploits a vulnerability located in the masked message decoding function executed during the decryption step of decapsulation. The message recovery is performed using a profiled deep learning-assisted method which extracts the message directly, without explicitly retrieving each share. By repeating the same decapsulation multiple times, it is possible to increase the success rate of full shared key recovery to 99%. We also analyse the feasibility of recovering shared keys during encapsulation and propose a countermeasure against the presented attack that is also applicable to FPGA implementations of other cryptographic algorithms.