Side-channel secure cipher comparison for ML-KEM hardware

Motivation & Goals:
ML-KEM (formerly Kyber) is one of the newly standardised post-quantum cryptographic algorithms. At the end of the decapsulation phase, the reconstructed ciphertext is compared with the received one. This comparison is a security-critical step that is vulnerable to side-channel attacks (e.g. timing or power analysis) if it is not implemented properly.
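
The comparison step above, as an added software illustration (not the project's hardware gadget and not the ML-KEM reference code): an early-exit byte comparison beside a constant-time one, both run over constructed 768-byte buffers (the ML-KEM-512 ciphertext length), counting how many bytes each processes before it decides. The names `compare_early_exit`, `compare_constant_time` and `leak_demo` are assumptions for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CT_BYTES 768 /* ML-KEM-512 ciphertext length; sample data below is constructed */

/* Leaky variant: returns at the first mismatching byte, so the iteration count
 * (trace length) reveals where the reconstructed and received ciphertexts differ. */
int compare_early_exit(const uint8_t *a, const uint8_t *b, size_t len, size_t *iters)
{
    for (size_t i = 0; i < len; i++) {
        if (a[i] != b[i]) { *iters = i + 1; return 1; }
    }
    *iters = len;
    return 0;
}

/* Constant-time variant: always walks the full ciphertext, ORs every byte difference
 * into one accumulator and reduces it to 0/1 without a data-dependent branch. */
int compare_constant_time(const uint8_t *a, const uint8_t *b, size_t len, size_t *iters)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) acc |= a[i] ^ b[i];
    *iters = len;
    return (int)((0 - (uint64_t)acc) >> 63); /* top bit of -acc is set iff acc != 0 */
}

/* Demo helper: two constructed buffers differing only at byte diff_pos (nowhere if
 * diff_pos >= CT_BYTES); returns the iteration count, *result gets the 0/1 flag. */
size_t leak_demo(size_t diff_pos, int constant_time, int *result)
{
    uint8_t received[CT_BYTES], reconstructed[CT_BYTES];
    size_t iters;
    for (size_t i = 0; i < CT_BYTES; i++) received[i] = (uint8_t)(i * 37u + 11u);
    memcpy(reconstructed, received, CT_BYTES);
    if (diff_pos < CT_BYTES) reconstructed[diff_pos] ^= 0x80;
    *result = constant_time ? compare_constant_time(received, reconstructed, CT_BYTES, &iters)
                            : compare_early_exit(received, reconstructed, CT_BYTES, &iters);
    return iters;
}

int main(void)
{
    int r;
    printf("early-exit:    diff@3 -> %zu iters, diff@700 -> %zu iters\n",
           leak_demo(3, 0, &r), leak_demo(700, 0, &r));
    printf("constant-time: diff@3 -> %zu iters, diff@700 -> %zu iters\n",
           leak_demo(3, 1, &r), leak_demo(700, 1, &r));
    return 0;
}
```

The same principle carries over to an RTL gadget: clock through every byte and fold the differences into a single flag instead of stopping at the first mismatch, so the cycle count and the activity pattern do not depend on the position of the mismatch.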

The aim of this work is to design specialised hardware gadgets that perform this comparison efficiently and in a side-channel-resistant manner. The focus is on a constant-time, tamper-resistant design, optionally supported by formal verification.


Tasks:

  • Analyse the ciphertext comparison process in ML-KEM and identify potential side-channel leaks.
  • Design and implement hardware gadgets for secure comparison (e.g. masking, hiding).
  • Implement and simulate a prototype at register transfer level (in Verilog).
  • Apply formal verification tools to check the design against side-channel leakage and functional errors.


Prerequisites:

  • Basic knowledge of digital hardware design (Verilog/VHDL) and cryptography is desirable.
  • Interest in security, formal methods and embedded systems.


Contact:
If you are interested or have any questions, please contact: michael.hutter@unibw.de