Single-Trace Attacks on Message Encoding in Lattice-Based KEMs

2020 
In this article, we propose single-trace side-channel attacks against lattice-based key encapsulation mechanisms (KEMs) that are third-round candidates of the National Institute of Standards and Technology (NIST) standardization project. Specifically, we analyze the message encoding operation in the encapsulation phase of lattice-based KEMs to obtain an ephemeral session key. We conclude that a single-trace leakage implies a whole key recovery: the experimental results realized on a ChipWhisperer UFO STM32F3 target board achieve a success rate of 100% for $\mathsf {CRYSTALS-KYBER}$ and $\mathsf {SABER}$ regardless of the compiler optimization level, and success rates greater than 79% for $\mathsf {FrodoKEM}$ . We further demonstrate that the proposed attack methodologies are not restricted to the above algorithms but are widely applicable to other NIST post-quantum cryptography (PQC) candidates, including $\mathsf {NTRU Prime}$ and $\mathsf {NTRU}$ .