ZHAO Yiqiang, KONG Jindi, FU Yucheng, ZHANG Qizhi, YE Mao, XIA Xianzhao, SONG Xintong, HE Jiaji. Research on Key Technologies of Side-channel Security Protection for Polynomial Multiplication in ML-KEM/Kyber Algorithm[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT250292

Research on Key Technologies of Side-channel Security Protection for Polynomial Multiplication in ML-KEM/Kyber Algorithm

doi: 10.11999/JEIT250292 cstr: 32379.14.JEIT250292
Funds:  The National Key Research and Development Program of China (2023YFB4402800), Tianjin Science and Technology Plan Project (24YDTPJC00020)
  • Received Date: 2025-04-18
  • Rev Recd Date: 2025-07-20
  • Available Online: 2025-07-29
Objective: As ML-KEM/Kyber is adopted as a post-quantum key encapsulation mechanism, securing its hardware implementations against Side-Channel Attacks (SCAs) has become critical. Although Kyber offers mathematically proven security, its physical implementations remain susceptible to timing-based side-channel leakage, particularly during Polynomial Point-Wise Multiplication (PWM), a core operation in decryption. Existing countermeasures, such as masking and static hiding, struggle to balance security, resource efficiency, and hardware feasibility. This study proposes a dynamic randomization strategy to disrupt execution timing patterns in PWM, thereby improving side-channel resistance in Kyber hardware designs.

Methods: A randomized pseudo-round hiding technique is developed to obfuscate the timing profile of PWM computations. The approach incorporates two key mechanisms: (1) dynamic insertion of redundant modular operations (e.g., dummy additions and multiplications), and (2) two-level pseudo-random scheduling based on Linear Feedback Shift Registers (LFSRs). These mechanisms randomize the execution order of PWM operations while reusing existing butterfly units to reduce hardware overhead. The design is implemented on a Xilinx Spartan-6 FPGA and evaluated using Correlation Power Analysis (CPA) and Test Vector Leakage Assessment (TVLA).

Results and Discussions: Experimental results demonstrate a substantial improvement in side-channel resistance. In unprotected implementations, attackers could recover Kyber's long-term secret key using as few as 897 to 1,650 power traces. With the proposed countermeasure applied, no successful key recovery occurred even after 10,000 traces, representing more than a 100-fold increase in the number of traces required for key extraction. TVLA results (Fig. 6) confirm the suppression of leakage, with t-test values maintained near the threshold (|t| < 4.5). The resource overhead remains within acceptable bounds: the area-time product increases by 17.99%, requiring only 157 additional Look-Up Tables (LUTs) and 99 Flip-Flops (FFs) compared with the unprotected design. The proposed architecture outperforms existing masking and hiding schemes (Table 3), delivering stronger security with lower resource consumption.

Conclusions: This work presents an efficient and lightweight countermeasure against timing-based SCAs for Kyber hardware implementations. By dynamically randomizing PWM operations, the design significantly enhances side-channel security while maintaining practical resource usage. Future research will focus on optimizing pseudo-round scheduling to reduce latency, extending protection to Kyber's Fujisaki–Okamoto (FO) transformation modules, and generalizing the method to other Number-Theoretic Transform (NTT)-based lattice cryptographic algorithms such as Dilithium. These developments support the secure and scalable deployment of post-quantum cryptographic systems.
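The two mechanisms described under Methods (dummy modular operations and two-level LFSR-driven scheduling of the PWM pairs), modelled in Python as an added example; this is not the paper's FPGA design. The 16-bit LFSR taps, the Fisher-Yates shuffle, the 50% dummy-insertion rate and the constructed operands are assumptions of this model; the basemul and the gamma_i constants follow FIPS 203.

```python
# Added model, not the paper's RTL: ML-KEM/Kyber point-wise multiplication (PWM) as 128
# degree-1 products modulo X^2 - gamma_i, in fixed order and under LFSR "pseudo-round hiding".
Q, ZETA, N = 3329, 17, 256  # ML-KEM parameters (FIPS 203)

def bitrev7(i):
    return int(f"{i:07b}"[::-1], 2)

GAMMA = [pow(ZETA, 2 * bitrev7(i) + 1, Q) for i in range(N // 2)]  # gamma_i = zeta^(2*BitRev7(i)+1)

def basemul(a0, a1, b0, b1, gamma):
    """FIPS 203 BaseCaseMultiply: (a0 + a1 X)(b0 + b1 X) mod (X^2 - gamma, q)."""
    return ((a0 * b0 + a1 * b1 * gamma) % Q, (a0 * b1 + a1 * b0) % Q)

def pwm_reference(a, b):
    """Unprotected PWM: pairs processed in index order, one basemul each (fixed timing)."""
    r = [0] * N
    for i in range(N // 2):
        r[2*i], r[2*i+1] = basemul(a[2*i], a[2*i+1], b[2*i], b[2*i+1], GAMMA[i])
    return r

class LFSR:
    """16-bit Fibonacci LFSR, taps x^16+x^14+x^13+x^11+1 (maximal length; assumed, not the paper's)."""
    def __init__(self, seed):
        self.s = (seed & 0xFFFF) or 1          # an all-zero state would lock the register
    def bit(self):
        out = self.s & 1
        fb = (self.s ^ (self.s >> 2) ^ (self.s >> 3) ^ (self.s >> 5)) & 1
        self.s = (self.s >> 1) | (fb << 15)
        return out
    def bits(self, n):
        return sum(self.bit() << k for k in range(n))

def pwm_hidden(a, b, seed):
    """Protected PWM. Level 1: one LFSR shuffles the order of the 128 pairs. Level 2: a second
    LFSR decides per pair whether a dummy basemul runs first. Returns (result, trace)."""
    order_lfsr, dummy_lfsr = LFSR(seed), LFSR(seed ^ 0xA5A5)
    order = list(range(N // 2))
    for k in range(N // 2 - 1, 0, -1):          # Fisher-Yates shuffle driven by LFSR bits
        j = order_lfsr.bits(7) % (k + 1)
        order[k], order[j] = order[j], order[k]
    r, trace = [0] * N, []
    for i in order:
        if dummy_lfsr.bit():                    # pseudo-round: redundant op on the same butterfly unit
            d = dummy_lfsr.bits(12) % Q         # secret-independent dummy operands
            basemul(d, d, d, d, GAMMA[i])       # result discarded; only the timing pattern changes
            trace.append(("dummy", i))
        r[2*i], r[2*i+1] = basemul(a[2*i], a[2*i+1], b[2*i], b[2*i+1], GAMMA[i])
        trace.append(("real", i))
    return r, trace
```

Running pwm_hidden with two seeds on the same operands yields the same coefficients as pwm_reference while the execution trace (order and dummy positions) differs, which is the timing property the countermeasure relies on.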

Figures (8) / Tables (5)