The emergence of quantum computers threatens traditional public key cryptographic algorithms like RSA and ECDSA, driving the development of post-quantum cryptography. Among post-quantum cryptography approaches, lattice-based cryptography is a key candidate for securing embedded systems. However, post-quantum cryptography implementations remain vulnerable to side-channel attacks, which exploit physical leakages such as timing, power, and electromagnetic emissions. In this paper, we propose a one-time chosen-ciphertext simple power attack targeting ML-KEM-512 scheme. Leveraging side-channel leakages from the inverse number theoretic transform operation and the decoding process, our method enables efficient recovery of the long-term secret key with AI algorithms for automated feature extraction and classification, eliminating the need for template construction or extensive parameter tuning. We introduce an adaptive classification method for ring- or sphere-shaped data distributions, enhancing adaptability and reducing parameter dependency. Experimental results on the reference ML-KEM implementation in the pqm4 library demonstrate that, compared to previous approaches, our method reduces the number of traces needed for key recovery by 66.67%. This significant reduction improves both the efficiency and practicality of the method in real-world applications.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

One Time is Enough: Chosen-Ciphertext Side-Channel Attack on ML-KEM Cryptosystems

  • Yuhan Qian,
  • Jing Gao,
  • Yuchen Zhong,
  • Yaoling Ding,
  • Jingjie Wu,
  • Weiping Gong,
  • Zihe Lin,
  • An Wang

摘要

The emergence of quantum computers threatens traditional public key cryptographic algorithms like RSA and ECDSA, driving the development of post-quantum cryptography. Among post-quantum cryptography approaches, lattice-based cryptography is a key candidate for securing embedded systems. However, post-quantum cryptography implementations remain vulnerable to side-channel attacks, which exploit physical leakages such as timing, power, and electromagnetic emissions. In this paper, we propose a one-time chosen-ciphertext simple power attack targeting ML-KEM-512 scheme. Leveraging side-channel leakages from the inverse number theoretic transform operation and the decoding process, our method enables efficient recovery of the long-term secret key with AI algorithms for automated feature extraction and classification, eliminating the need for template construction or extensive parameter tuning. We introduce an adaptive classification method for ring- or sphere-shaped data distributions, enhancing adaptability and reducing parameter dependency. Experimental results on the reference ML-KEM implementation in the pqm4 library demonstrate that, compared to previous approaches, our method reduces the number of traces needed for key recovery by 66.67%. This significant reduction improves both the efficiency and practicality of the method in real-world applications.