Post-Quantum Cryptography: Implementation Attacks and Countermeasures
Abstract
Post-Quantum Cryptography (PQC) encompasses cryptographic algorithms, typically public-key algorithms, designed to be secure against both quantum and classical computers. Motivated by the threat that quantum computing poses to the security of most public-key algorithms currently in use, the National Institute of Standards and Technology (NIST) started the PQC Standardization Process in December 2016, a public competition for the selection of public-key cryptosystems designed to resist attacks by a quantum computer. After three rounds of competition, in July 2022, NIST announced the first four proposals to be standardized, which include one key-establishment mechanism (i.e., CRYSTALS-Kyber) and three digital signatures (i.e., CRYSTALS-Dilithium, Falcon and SPHINCS+). CRYSTALS-Kyber and CRYSTALS-Dilithium are the primary algorithms recommended for most use cases, while Falcon and SPHINCS+ are proposed for use cases that require small signatures and non-lattice-based signatures, respectively. Shortly after NIST's announcement, in September 2022, the National Security Agency (NSA) published the Commercial National Security Algorithm Suite (CNSA) 2.0 advisory on the protection of National Security Systems (NSS), which lists the approved PQC algorithms and the transition timeline. In August 2023, NIST requested public comments on the draft standards derived from CRYSTALS-Kyber, CRYSTALS-Dilithium, and SPHINCS+. This tutorial aims to introduce the audience to the implementation attacks published in the literature against the primary PQC algorithms to be standardized by NIST and approved by the NSA for national security systems (i.e., Kyber and Dilithium), as well as to countermeasures against these implementation attacks. Other PQC standardization efforts will be mentioned.
The goal is to prepare the hardware security community with the information required to do research in this field, play an active role in the remaining steps of the standardization process, and support secure deployment of PQC.