Key recovery on static Kyber based on transient execution attacks

Authors

  • Luccas Ruben J. Constantin-Sukul, Aarhus University
  • Rasmus Ø. Gammelgaard, Aarhus University
  • Alexander N. Henriksen, Aarhus University
  • Diego F. Aranha, Aarhus University, https://orcid.org/0000-0002-2457-0783

DOI:

https://doi.org/10.46586/uasc.2025.006

Abstract

Transient execution attacks on modern processors continue to threaten security by stealing sensitive data from other processes running on the same CPU. A recent example is Downfall, which demonstrated how microarchitectural leakage could reveal short AES keys. We explore the possibility of leaking much longer keys from post-quantum cryptography by combining Gather Data Sampling from Downfall with Flush+Reload to mount a key recovery attack against static Kyber. We reassemble private keys from fragments scattered within random noise by exploiting patterns observed across multiple consecutive loads. The whole attack runs in under 40 minutes with a success rate between 60% and 70%, regardless of the Kyber security level used by the victim. This underscores the implicit reliance of cryptographic algorithms on the underlying microarchitecture for their security.

Published

2025-03-01