Magnifying Side-Channel Leakage of Lattice-Based Cryptosystems With Chosen Ciphertexts: The Case Study of Kyber

Lattice-based cryptography, as an active branch of post-quantum cryptography (PQC), has drawn great attention from side-channel analysis researchers in recent years. Despite the various side-channel targets examined in previous studies, detail on revealing the secret-dependent information efficiently is less studied. In this paper, we propose adaptive EM side-channel attacks with carefully constructed ciphertexts on Kyber, which is a finalist of NIST PQC standardization project. We demonstrate that specially chosen ciphertexts allow an adversary to modulate the leakage of a target device and enable full key extraction with a small number of traces through simple power analysis. Compared to prior research, our techniques require fewer traces and avoid building complex templates. We practically evaluate our methods using both a reference implementation and the ARM-specific implementation in pqm4 library. For the reference implementation, we target the leakage of the output of the inverse NTT computation and recover the full key with only four traces. For the pqm4 implementation, we develop a message-recovery attack that leads to extraction of the full secret key with between eight and 960 traces, depending on the compiler optimization level. We discuss the relevance of our findings to other lattice-based schemes and explore potential countermeasures.

• Publication year

  2022

• Venue

  IEEE transactions on computers

• Publication date

  2022-09-01

• Fields of study

  Mathematics, Materials Science, Computer Science

• Identifiers
  DOI 10.1109/tc.2021.3122997
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• A Side-Channel-Resistant Implementation of SABER

  2021cited by this paper
• Status report on the second round of the NIST post-quantum cryptography standardization process

  2020cited by this paper
• Drop by Drop you break the rock - Exploiting generic vulnerabilities in Lattice-based PKE/KEMs using EM-based Physical Attacks

  2020cited by this paper
• Generic Side-channel attacks on CCA-secure lattice-based PKE and KEMs

  2020influential reference
• Defeating NewHope with a Single Trace

  2020influential reference
• Quantum supremacy using a programmable superconducting processor

  2019cited by this paper
• Timing Attacks on Error Correcting Codes in Post-Quantum Schemes

  2019cited by this paper
• Misuse Attacks on Post-quantum Cryptosystems

  2019cited by this paper
• Memory-Efficient High-Speed Implementation of Kyber on Cortex-M4

  2019cited by this paper
• A Complete and Optimized Key Mismatch Attack on NIST Candidate NewHope

  2019cited by this paper
• A Simple Key Reuse Attack on LWE and Ring LWE Encryption Schemes as Key Encapsulation Mechanisms (KEMs)

  2019cited by this paper
• Assessment of the Key-Reuse Resilience of NewHope

  2019cited by this paper
• Power Analysis on NTRU Prime

  2019cited by this paper
• Data-Driven Debugging for Functional Side Channels

  2018cited by this paper
• CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme

  2018cited by this paper
• Saber: Module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM

  2018cited by this paper
• Practical CCA2-Secure and Masked Ring-LWE Implementation

  2018cited by this paper
• Efficient, Portable Template Attacks

  2018cited by this paper
• Horizontal side-channel vulnerabilities of post-quantum key exchange protocols

  2018cited by this paper
• LAC: Practical Ring-LWE Based Public-Key Encryption with Byte-Level Modulus

  2018cited by this paper
• CRYSTALS-Kyber Algorithm Specifications And Supporting Documentation

  2017influential reference
• NTRU Prime: Reducing Attack Surface at Low Cost

  2017cited by this paper
• Single-Trace Side-Channel Attacks on Masked Lattice-Based Encryption

  2017cited by this paper
• CRYSTALS - Kyber: A CCA-Secure Module-Lattice-Based KEM

  2017cited by this paper
• SABER: Selection of approximate bits for the design of error tolerant circuits

  2017influential reference
• Synthesis of Adaptive Side-Channel Attacks

  2017cited by this paper
• Report on Post-Quantum Cryptography

  2016cited by this paper
• Cryptanalysis of ring-LWE based key exchange with key share reuse

  2016cited by this paper
• Additively Homomorphic Ring-LWE Masking

  2016cited by this paper
• Post-quantum Key Exchange - A New Hope

  2016cited by this paper
• Masking ring-LWE

  2016cited by this paper
• A masked ring-LWE implementation

  2015cited by this paper
• Online template attacks

  2014cited by this paper
• Portability of templates

  2012cited by this paper
• An information-theoretic model for adaptive side-channel attacks

  2007cited by this paper
• The use of elliptic curves in cryptography

  2007cited by this paper
• On lattices, learning with errors, random linear codes, and cryptography

  2005cited by this paper
• 20世紀の名著名論：Peter Shor : Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer

  2004cited by this paper
• Template Attacks

  2002cited by this paper
• Constrained K-means Clustering with Background Knowledge

  2001cited by this paper
• Secure Integration of Asymmetric and Symmetric Encryption Schemes

  1999cited by this paper
• Differential Power Analysis

  1999cited by this paper
• Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer

  1995cited by this paper
• A method for obtaining digital signatures and public-key cryptosystems

  1978cited by this paper
• Statistical Tables for Biological, Agricultural and Medical Research.

  1939cited by this paper

• HVLDL-SCA: Improving side channel analysis with horizontal and vertical label distribution learning

  2026cites this paper
• Quantum Attacks Targeting Nuclear Power Plants: Threat Analysis, Defense and Mitigation Strategies

  2026influential citation
• In Mid-Stream: Removing the FO-Transform Helps against Leakage but is not Enough

  2026cites this paper
• Unlocking the True Potential of Decryption Failure Oracles: A Hybrid Adaptive-LDPC Attack on ML-KEM Using Imperfect Oracles

  2026cites this paper
• Bridging Lab and Industry: Practical SPA-GPT on Cryptosystems Boosted by LSTM and Simulated Annealing

  2026influential citation
• More Practical and Robust: Enhancing Simple Power Analysis on Cryptosystems With Double Clustering

  2026cites this paper
• Enhancing ROS 2 (robot operating system 2) security with standardized post-quantum cryptosystems

  2025cites this paper
• Securing Cloud Computing Against Quantum Threats: Risk Assessment, Transition Strategies, and Migration Frameworks

  2025cites this paper
• Avengers assemble! Supervised learning meets lattice reduction A single power trace attack against CRYSTALS-Kyber Key Generation

  2025cites this paper
• Multi-Value Plaintext-Checking and Full-Decryption Oracle-Based Attacks on HQC from Offline Templates

  2025cites this paper
• SoK: Reassessing Side-Channel Vulnerabilities and Countermeasures in PQC Implementations

  2025influential citation
• Non-Profiled Higher-Order Side-Channel Attacks against Lattice-Based Post-Quantum Cryptography

  2025cites this paper
• Post-Quantum Key Exchange and Subscriber Identity Encryption in 5G Using ML-KEM (Kyber)

  2025cites this paper
• An Enhanced Two-Step CPA Side-Channel Analysis Attack on ML-KEM

  2025cites this paper
• Adaptive Template Attacks on the Kyber Binomial Sampler

  2025cites this paper
• Optimizing label correlation in deep learning-based side-channel analysis

  2025cites this paper
• Side-Channel and Fault Attacks on ML-KEM: A Survey of Vulnerabilities and Countermeasures

  2025cites this paper
• Classify Directly: A Dynamic Time SPA Classification Method Based on DTW

  2025cites this paper
• Two Low-Cost and Security-Enhanced Implementations Against Side-Channel Attacks of NTT for Lattice-Based Cryptography

  2025cites this paper
• Revisiting the Masking Strategy: A Side-Channel Attack on CRYSTALS-Kyber

  2025cites this paper
• Uncover Secrets Through the Cover: A Deep Learning-Based Side-Channel Attack Against Kyber Implementations With Anti-Tampering Covers

  2025cites this paper
• MulLeak: Exploiting Multiply Instruction Leakage to Attack the Stack-optimized Kyber Implementation on Cortex-M4

  2025cites this paper
• Blockchain Security Risk Assessment in Quantum Era, Migration Strategies, and Proactive Defense

  2025influential citation
• X2X: Low-Randomness and High-Throughput A2B and B2A Conversions for d+1 Shares in Hardware

  2025cites this paper
• Grafted Trees Bear Better Fruit: An Improved Multiple-Valued Plaintext-Checking Side-Channel Attack Against Kyber

  2025cites this paper
• Secret and shared keys recovery on hamming quasi-cyclic with SASCA

  2025cites this paper
• Et tu, Brute? Side-Channel Assisted Chosen Ciphertext Attacks Using Valid Ciphertexts on HQC KEM

  2025cites this paper
• DASH-T: A Lightweight Countermeasure Based on Dynamic Address Shuffling and Temporal-hiding for Kyber’s PWM

  2025cites this paper
• Improve the authentication of agricultural food supply chain using Permutations Supersonic Ligero Elliptic Signature Algorithm

  2025cites this paper
• Handling Noisy Plaintext Checking Oracles with SPiRiT

  2025cites this paper
• Unsupervised Hierarchical Side-Channel Analysis on ML-KEM Cryptographic Algorithms

  2025cites this paper
• Comparative Deep Learning-Based Side-Channel Analysis of an FPGA-Based CRYSTALS-Kyber NTT Accelerator

  2025cites this paper
• Investigating CRYSTALS-Kyber Vulnerabilities: Attack Analysis and Mitigation

  2024cites this paper
• Zero-Value Filtering for Accelerating Non-Profiled Side-Channel Attack on Incomplete NTT-Based Implementations of Lattice-Based Cryptography

  2024cites this paper
• Exploiting Small-Norm Polynomial Multiplication with Physical Attacks: Application to CRYSTALS-Dilithium

  2024cites this paper
• Defeating Low-Cost Countermeasures against Side-Channel Attacks in Lattice-based Encryption - A Case Study on Crystals-Kyber

  2024influential citation
• Blink: Breaking Lattice-Based Schemes Implemented in Parallel with Chosen-Ciphertext Attack

  2024cites this paper
• Exploiting the Central Reduction in Lattice-Based Cryptography

  2024cites this paper
• Machine Learning based Blind Side-Channel Attacks on PQC-based KEMs - A Case Study of Kyber KEM

  2024cites this paper
• Mask Conversions for d+1 shares in Hardware, with Application to Lattice-based PQC

  2024cites this paper
• Evaluation Framework for Quantum Security Risk Assessment: A Comprehensive Study for Quantum-Safe Migration

  2024influential citation
• Navigating Quantum Security Risks in Networked Environments: A Comprehensive Study of Quantum-Safe Network Protocols

  2024cites this paper
• Cybersecurity in the Quantum Era: Assessing the Impact of Quantum Computing on Infrastructure

  2024cites this paper
• PUF-Kyber: Design of a PUF-Based Kyber Architecture Benchmarked on Diverse ARM Processors

  2024cites this paper
• Deep Learning Enhanced Side Channel Analysis on CRYSTALS-Kyber

  2024cites this paper
• An Improved Two-Step Attack on Lattice-Based Cryptography: A Case Study of Kyber

  2024cites this paper
• Inspector Gadget: A Toolbox for Fair Comparison of Masking Gadgets, Application to Crystals-Kyber Compression

  2024cites this paper
• Side-Channel Analysis of Arithmetic Encodings for Post-Quantum Cryptography: Cautionary Notes with Application to Kyber

  2024cites this paper
• A Generic Framework for Side-Channel Attacks against LWE-based Cryptosystems

  2024cites this paper
• A comprehensive side-channel leakage assessment of CRYSTALS-Kyber in IIoT

  2024cites this paper
• Towards Quantum-Resistant Security: Pre-Silicon Power Side-Channel Leakage Analysis of CRYSTALS-Kyber

  2024cites this paper
• A lightweight BRLWE-based post-quantum cryptosystem with side-channel resilience for IoT security

  2024cites this paper
• A closer look at the belief propagation algorithm in side-channel attack on CCA-secure PQC KEM

  2024cites this paper
• Evaluation framework for quantum security risk assessment: A comprehensive strategy for quantum-safe transition

  2024cites this paper
• One Solves All: Exploring ChatGPT's Capabilities for Fully Automated Simple Power Analysis on Cryptosystems

  2024cites this paper
• An Improved Two-Step Attack on CRYSTALS-Kyber

  2024cites this paper
• Revisiting Higher-Order Masked Comparison for Lattice-Based Cryptography: Algorithms and Bit-Sliced Implementations

  2023cites this paper
• Towards Automated Detection of Single-Trace Side-Channel Vulnerabilities in Constant-Time Cryptographic Code

  2023cites this paper
• SCA-LDPC: A Code-Based Framework for Key-Recovery Side-Channel Attacks on Post-Quantum Encryption Schemes

  2023cites this paper
• Pushing the Limits of Generic Side-Channel Attacks on LWE-based KEMs - Parallel PC Oracle Attacks on Kyber KEM and Beyond

  2023cites this paper
• Gate-Level Masking of Streamlined NTRU Prime Decapsulation in Hardware

  2023cites this paper
• Toward Next Generation Quantum-Safe eIDs and eMRTDs: A Survey

  2023cites this paper
• Chosen ciphertext correlation power analysis on Kyber

  2023cites this paper
• Breaking a Fifth-Order Masked Implementation of CRYSTALS-Kyber by Copy-Paste

  2023cites this paper
• Gadget-based Masking of Streamlined NTRU Prime Decapsulation in Hardware

  2023cites this paper
• Side-channel and Fault-injection attacks over Lattice-based Post-quantum Schemes (Kyber, Dilithium): Survey and New Results

  2023influential citation
• When NTT Meets SIS: Efficient Side-channel Attacks on Dilithium and Kyber

  2023cites this paper
• A Side-Channel Attack on a Hardware Implementation of CRYSTALS-Kyber

  2023cites this paper
• Overview and Discussion of Attacks on CRYSTALS-Kyber

  2023cites this paper
• Methods for Masking CRYSTALS-Kyber Against Side-Channel Attacks

  2023cites this paper
• Side Channel Security Oriented Evaluation and Protection on Hardware Implementations of Kyber

  2023cites this paper
• Multiple-Valued Plaintext-Checking Side-Channel Attacks on Post-Quantum KEMs

  2023cites this paper
• A Side-Channel Attack on a Bitsliced Higher-Order Masked CRYSTALS-Kyber Implementation

  2023cites this paper
• High-order masking of NTRU

  2023cites this paper
• Higher-Order Boolean Masking Does Not Prevent Side-Channel Attacks on LWE/LWR-based PKE/KEMs

  2023cites this paper
• Correlation Electromagnetic Analysis on an FPGA Implementation of CRYSTALS-Kyber

  2023cites this paper
• Low-Cost Shuffling Countermeasures Against Side-Channel Attacks for NTT-Based Post-Quantum Cryptography

  2023cites this paper
• Towards Secure Classical-Quantum Systems

  2023cites this paper
• Algorithmic Security is Insufficient: A Comprehensive Survey on Implementation Attacks Haunting Post-Quantum Security

  2023cites this paper
• A Configurable CRYSTALS-Kyber Hardware Implementation with Side-Channel Protection

  2023cites this paper
• A Template Attack on Reduction Without Reference Device on Kyber

  2023cites this paper
• A side-channel attack on a masked and shuffled software implementation of Saber

  2023cites this paper
• PQC-SEP: Power Side-channel Evaluation Platform for Post-Quantum Cryptography Algorithms

  2022cites this paper
• Find the Bad Apples: An efficient method for perfect key recovery under imperfect SCA oracles â€" A case study of Kyber

  2022cites this paper
• Higher-order masked Saber

  2022cites this paper
• An End-to-End Analysis of EMFI on Bit-sliced Post-Quantum Implementations

  2022cites this paper
• A Voltage Template Attack on the Modular Polynomial Subtraction in Kyber

  2022cites this paper
• Systematic Study of Decryption and Re-Encryption Leakage: the Case of Kyber

  2022influential citation
• High-order Polynomial Comparison and Masking Lattice-based Encryption

  2022cites this paper
• Higher-Order Masked Ciphertext Comparison for Lattice-Based Cryptography

  2022cites this paper
• Side-Channel Attacks on Lattice-Based KEMs Are Not Prevented by Higher-Order Masking

  2022cites this paper
• High-order Table-based Conversion Algorithms and Masking Lattice-based Encryption

  2022cites this paper
• Post-Quantum Authenticated Encryption against Chosen-Ciphertext Side-Channel Attacks

  2022cites this paper
• Chosen-Ciphertext Clustering Attack on CRYSTALS-KYBER Using the Side-Channel Leakage of Barrett Reduction

  2022influential citation
• Practical Side-Channel Attack on Masked Message Encoding in Latticed-Based KEM

  2022influential citation
• Side-Channel Analysis of Saber KEM Using Amplitude-Modulated EM Emanations

  2022cites this paper
• Design and Evaluation of Bit-sliced Neural Network and Post-Quantum Implementations

  2022cites this paper
• Side-channel Analysis of Lattice-based Post-quantum Cryptography: Exploiting Polynomial Multiplication

  2022cites this paper
• A Key-Recovery Side-Channel Attack on Classic McEliece

  2022cites this paper
• One-Hot Conversion: Towards Faster Table-based A2B Conversion

  2022cites this paper