A Look at Side Channel Attacks on Post-quantum Cryptography

Authors

  • Kevin A. Delgado-Vargas Centro de Investigación en Computación, Instituto Politécnico Nacional
  • Cuauhtemoc Mancillas-López Centro de Investigación y de Estudios Avanzados del Instituto Politécnico Nacional.
  • Gina Gallegos-García Centro de Investigación en Computación, Instituto Politécnico Nacional

DOI:

https://doi.org/10.13053/cys-28-4-5130

Keywords:

Post-quantum cryptography (PQC), Side-Channel Attacks (SCAs), Countermeasures, Non-Invasive Attacks

Abstract

Post-quantum cryptography (PQC) is designed to be secure against attacks from quantum computers, yet it remains vulnerable to classic side-channel attacks (SCAs), which exploit physical implementation leaks. This manuscript examines the various SCAs used to evaluate PQC schemes, focusing on non-invasive techniques such as timing, power, and electromagnetic analysis. We provide a detailed account of the execution of these attacks against diverse PQC algorithms and identify common vulnerabilities and weaknesses. Our study reveals that, while various countermeasures have been proposed to protect PQC implementations, they are not entirely effective against sophisticated attacks. Stronger and more resilient countermeasures are needed, especially in IoT environments. The review highlights the weaknesses in the current defenses, including the necessity for more robust masking techniques, adequate security countermeasures tailored to IoT constraints, and methods to generalize SCAs across diverse hardware platforms. These issues must be addressed to enhance the practical security of PQC schemes in real-world scenarios.

Downloads

Published

2024-12-03

Issue

Vol. 28 No. 4 (2024): 28(4) 2024

Section

Articles

License 

Hereby I transfer exclusively to the Journal "Computación y 
Sistemas", published by the Computing Research Center (CIC-IPN),
the Copyright of the aforementioned paper. I also accept that these 
rights will not be transferred to any other publication, in any other 
format, language or other existing means of developing.
I certify that the paper has not been previously disclosed or simultaneo
usly submitted to any other publication, and that it does not contain 
material whose publication would violate the Copyright or other 
proprietary rights of any person, company or institution. I certify that 
I have the permission from the institution or company where I work or 
study to publish this work.
The representative author accepts the responsibility for the publication
of this paper on behalf of each and every one of the authors. 
This transfer is subject to the following conditions:
  • The authors retain all ownership rights (such as patent rights) of this work, except for the publishing rights transferred to the CIC, through this document.
  • Authors retain the right to publish the work in whole or in part in any book they are the authors or publishers. They can also make use of this work in conferences, courses, personal web pages, and so on.
  • Authors may include working as part of his thesis, for non-profit distribution only.