
Side-Channel Attack against CRYSTALS-Kyber – Schneier on Security

CRYSTALS-Kyber is one of the public-key algorithms recommended by NIST as part of its post-quantum cryptography standardization process. Recently, researchers managed to use a side-channel attack against an implementation of the algorithm that was thought to be secure against such attacks. This side-channel attack involves power consumption, and the researchers used machine learning to exploit it.

Side-channel attacks are a security issue that has only become more relevant in recent years, as the power consumption of computer hardware has become easier to measure and analyze. It is known that certain operations performed by processors or circuits can cause energy fluctuations, which can then be detected and used to infer information about the system or the data being processed.
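The following is an added illustration, not code from the research or from the original post: a defender-side leakage assessment (a fixed-vs-random Welch t-test) run over simulated power samples. The traces are constructed; the Hamming-weight leakage model, the noise level, the Boolean masking countermeasure and the 4.5 threshold are assumptions of this example.

```python
import random
from statistics import mean, variance

TVLA_THRESHOLD = 4.5  # conventional |t| limit for a fixed-vs-random test


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def power_sample(value: int, rng: random.Random, masked: bool, sigma: float) -> float:
    """Simulated (constructed) power draw while the device handles one byte."""
    if masked:
        # First-order Boolean masking: the device only ever handles
        # value XOR a fresh random mask, never the value itself.
        value ^= rng.randrange(256)
    # Assumed leakage model: Hamming weight of the handled byte plus noise.
    return hamming_weight(value) + rng.gauss(0.0, sigma)


def welch_t(a: list[float], b: list[float]) -> float:
    """Welch's t-statistic for two sample sets with unequal variance."""
    return (mean(a) - mean(b)) / (variance(a) / len(a) + variance(b) / len(b)) ** 0.5


def leakage_t(masked: bool, n: int = 2000, sigma: float = 2.0, seed: int = 1) -> float:
    """Fixed-vs-random test: group A always handles 0x00, group B random bytes."""
    rng = random.Random(seed)
    fixed = [power_sample(0x00, rng, masked, sigma) for _ in range(n)]
    rand = [power_sample(rng.randrange(256), rng, masked, sigma) for _ in range(n)]
    return welch_t(fixed, rand)


if __name__ == "__main__":
    for masked in (False, True):
        t = leakage_t(masked)
        verdict = "LEAKS" if abs(t) > TVLA_THRESHOLD else "no first-order leak detected"
        print(f"masked={masked}: t={t:+.1f} -> {verdict}")
```

A passing first-order test is not proof of resistance: it says nothing about higher-order or combined leakage, which fits the page's point that an implementation thought to be secure was still attacked.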

In the case of CRYSTALS-Kyber, the side-channel attack was able to reveal information about the key used for encryption. This allows for the encryption to be broken, as the attacker can now calculate the key from the leaked information.

The attack was made possible by the use of machine learning to train the system to exploit the side channel. This is an impressive achievement, as machine learning is not commonly used in security research. It is also a reminder that machine learning can be used in malicious ways, and that organizations should be aware of the potential security risks it can pose.

It is important to note that this attack does not mean that the CRYSTALS-Kyber algorithm is “broken” or “cracked”, and organizations should not be too concerned about its security. It is a side-channel attack against an implementation, and it is unlikely to be used in real-world attacks.

In conclusion, recent research has shown that side-channel attacks are still a major security threat, and organizations should take the necessary steps to protect against them. Machine learning can be used to carry out such attacks, and organizations should be aware of the potential security risks it can pose. Despite the attack against CRYSTALS-Kyber, the algorithm is still secure and organizations should not be overly concerned.

Key Points:

• NIST recommends CRYSTALS-Kyber as part of its post-quantum cryptography standardization process
• Researchers have used a side-channel attack, based on power consumption, against an implementation of the algorithm
• Machine learning was used to exploit the side channel
• The attack does not mean the algorithm is “broken” or “cracked”
• Organizations should be aware of the security risks posed by machine learning and take the necessary steps to protect against side-channel attacks
