The article presents a new fault attack on side-channel-secure, masked implementations of LWE-based key-encapsulation mechanisms (KEMs). The attack exploits the data dependency of the adder carry chain in the Arithmetic-to-Boolean (A2B) conversion: the carries, and hence the effect of a fault injected into them, depend on the secret value being converted. The resulting leakage enables key recovery, which the authors demonstrate in practice on Kyber. This is the first known attack that targets an algorithmic component introduced specifically to enable masking, rather than only exploiting the randomness that masking adds in order to obtain the desired faults.
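The data dependency that the attack relies on can be seen in a small model. The following is an added example, not code from the paper or its authors: it models the adder at the core of a two-share A2B conversion with a power-of-two share modulus (an assumption made for simplicity; the carries are computed unmasked here, whereas a masked adder computes the same carry values in Boolean-shared form), injects a stuck-at-zero fault on one carry wire, and shows that the fraction of maskings for which the fault changes the output is a closed-form function of the low bits of the secret, so that fraction recovers them. The stuck-at-zero fault model, the direct observation of the fault effect, and the probability formula are mine; how the effect is observed in the real attack on Kyber decapsulation is not modelled.

```python
# Added example (not from the paper): why the carry chain of an A2B adder is
# data-dependent even though every individual share is uniformly random.
import random

K = 12  # share width in bits; Kyber coefficients fit in 12 bits (q = 3329).
        # A power-of-two modulus 2^K is assumed here for the arithmetic masking.


def arith_mask(x, r, k=K):
    """Split x into two arithmetic shares (A, R) with A + R = x mod 2^k."""
    return ((x - r) % (1 << k), r)


def ripple_add(a, b, k=K, stuck_zero_carry=None):
    """Ripple-carry addition of two k-bit values.

    Returns (sum mod 2^k, carries) where carries[i] is the carry INTO bit i.
    If stuck_zero_carry == i, the carry into bit i is forced to 0, modelling a
    stuck-at-zero fault on that carry wire. A masked adder computes exactly
    these carry values, only in Boolean-shared form; the shares are omitted
    here because the fault target is the logical carry value itself.
    """
    s, c, carries = 0, 0, []
    for i in range(k):
        if i == stuck_zero_carry:
            c = 0
        carries.append(c)
        ai, bi = (a >> i) & 1, (b >> i) & 1
        s |= (ai ^ bi ^ c) << i
        c = (ai & bi) | (c & (ai ^ bi))
    return s, carries


def a2b(shares, k=K, stuck_zero_carry=None):
    """A2B conversion core: the Boolean representation of x is obtained by
    adding the arithmetic shares. Returns the (unmasked) result of that add."""
    a, r = shares
    return ripple_add(a, r, k, stuck_zero_carry)[0]


def carry_probability(x, i):
    """Closed form: P_r[carry into bit i = 1] when A = x - r, R = r, r uniform.
    Adding the low i bits of A and R overflows iff (r mod 2^i) > (x mod 2^i),
    so P = (2^i - 1 - (x mod 2^i)) / 2^i: it depends only on the secret x."""
    x_low = x % (1 << i)
    return ((1 << i) - 1 - x_low) / (1 << i)


def fault_effect_rate(x, i, k=K, rs=None):
    """Fraction of maskings r for which a stuck-at-zero fault on the carry into
    bit i changes the A2B output. rs defaults to all 2^k values (exact)."""
    if rs is None:
        rs = range(1 << k)
    hits = 0
    for r in rs:
        shares = arith_mask(x, r, k)
        good = a2b(shares, k)
        bad = a2b(shares, k, stuck_zero_carry=i)
        assert good == x  # sanity: the unfaulted conversion is correct
        hits += good != bad  # the fault is visible iff the carry was 1
    return hits / len(rs)


def recover_low_bits(x, i, k=K, rs=None):
    """Invert the closed form: from the observed fault-effect rate p,
    x mod 2^i = 2^i * (1 - p) - 1. In the real attack the rate is observed
    through the device's behaviour; here it is computed directly."""
    p = fault_effect_rate(x, i, k, rs)
    return round((1 << i) * (1 - p)) - 1


if __name__ == "__main__":
    rng = random.Random(1)  # constructed secret, seeded for reproducibility
    x = rng.randrange(1 << K)
    for i in (1, 3, 6):
        print(f"x mod 2^{i} = {x % (1 << i)}, "
              f"closed-form P = {carry_probability(x, i):.4f}, "
              f"recovered = {recover_low_bits(x, i)}")
```

The shares A and R are each uniform, so neither leaks x on its own; the carry into bit i of their sum nonetheless occurs with probability (2^i - 1 - (x mod 2^i)) / 2^i, and a fault that only matters when that carry is 1 turns this probability into an observable statistic. Repeating the measurement for increasing i recovers x bit-group by bit-group.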
Publication date: 25 Jan 2024
Project Page: https://arxiv.org/abs/2401.14098v1
Paper: https://arxiv.org/pdf/2401.14098