Post-quantum algorithm vulnerable to side channel attacks

Researchers in Sweden say they have found a way to break a specific implementation of CRYSTALS-Kyber, one of a handful of “post-quantum” public key encryption algorithms chosen to underpin future U.S. government encryption standards.

According to a paper published by the KTH Royal Institute of Technology in Sweden, the algorithm is vulnerable to a novel side-channel attack. CRYSTALS-Kyber is one of several algorithms selected by both the U.S. National Institute of Standards and Technology and the NSA for future encryption standards, and it is meant to withstand attacks by a future quantum computer.

Side-channel attacks do not target a system's or hardware's defenses directly. Instead, they analyze traces of the physical signals a device emits while it runs (such as supply current, execution time or electromagnetic emissions) to extract secrets.

More recently, the advent of deep learning-based side-channel analysis has made such attacks particularly relevant for breaking encryption systems and recovering secret keys. Besides improving the effectiveness of existing attacks, it has also enabled attacks on true random number generators and physical unclonable functions, as well as non-differential message and secret-key recovery attacks on post-quantum encryption algorithms.
