{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,5]],"date-time":"2026-02-05T21:47:30Z","timestamp":1770328050044,"version":"3.49.0"},"reference-count":43,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2024,3,27]],"date-time":"2024-03-27T00:00:00Z","timestamp":1711497600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Embed. Comput. Syst."],"published-print":{"date-parts":[[2024,3,31]]},"abstract":"<jats:p>\n            In this work, we present a configurable and side channel resistant implementation of the post-quantum key-exchange algorithm\n            <jats:monospace>CRYSTALS-Kyber<\/jats:monospace>\n            . The implemented design can be configured for different performance and area requirements leading to different trade-offs for different applications. A low area implementation can be achieved in 5,269 LUTs and 2,422 FFs, whereas a high performance implementation required 7,151 LUTs and 3,730 FFs. Due to a deeply pipelined architecture, a high operating speed of more than 250 MHz could be achieved on 28nm Xilinx FPGAs. The side channel resistance is implemented using a carefully chosen set of novel and known techniques such as Fault Detection Hashes, Instruction Randomization, FSM Protection and so on, resulting in a low overhead of less than 5% while being highly configurable. To the best of our knowledge, this work presents the first side-channel and fault attack protected configurable accelerator for\n            <jats:monospace>CRYSTALS-Kyber<\/jats:monospace>\n            . Using TVLA (test vector leakage assessment), we validate the implemented protection techniques and demonstrate that the design does not leak information even after 200 K traces. Furthermore, one of the configuration choices results in the smallest hardware implementation of\n            <jats:monospace>CRYSTALS-Kyber<\/jats:monospace>\n            known in the literature.\n          <\/jats:p>","DOI":"10.1145\/3587037","type":"journal-article","created":{"date-parts":[[2023,3,6]],"date-time":"2023-03-06T12:38:38Z","timestamp":1678106318000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":34,"title":["A Configurable CRYSTALS-Kyber Hardware Implementation with Side-Channel Protection"],"prefix":"10.1145","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1082-4049","authenticated-orcid":false,"given":"Arpan","family":"Jati","sequence":"first","affiliation":[{"name":"NTU, Nanyang Ave, Singapore and IIIT Delhi, New Delhi, Delhi, India"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3056-9241","authenticated-orcid":false,"given":"Naina","family":"Gupta","sequence":"additional","affiliation":[{"name":"NTU, Nanyang Ave, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8818-6983","authenticated-orcid":false,"given":"Anupam","family":"Chattopadhyay","sequence":"additional","affiliation":[{"name":"NTU, Nanyang Ave, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1046-184X","authenticated-orcid":false,"given":"Somitra Kumar","family":"Sanadhya","sequence":"additional","affiliation":[{"name":"IIT Jodhpur, Karwar, Rajasthan, India"}]}],"member":"320","published-online":{"date-parts":[[2024,3,27]]},"reference":[{"key":"e_1_3_2_2_2","volume-title":"Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process","author":"Alagic Gorjan","year":"2022","unstructured":"Gorjan Alagic, David Cooper, Quynh Dang, Thinh Dang, John M. 
Kelsey, Jacob Lichtinger, Yi-Kai Liu, Carl A. Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Daniel Smith-Tone, and Daniel Apon. 2022. Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process. Technical Report. National Institute of Standards and Technology Gaithersburg, MD."},{"key":"e_1_3_2_3_2","doi-asserted-by":"crossref","first-page":"219","DOI":"10.46586\/tches.v2020.i3.219-242","article-title":"ISA extensions for finite field arithmetic","author":"Alkim Erdem","year":"2020","unstructured":"Erdem Alkim, H\u00fclya Evkan, Norman Lahr, Ruben Niederhagen, and Richard Petri. 2020. ISA extensions for finite field arithmetic. IACR Transactions on Cryptographic Hardware and Embedded Systems (2020), 219\u2013242.","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded Systems"},{"key":"e_1_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1038\/s41586-019-1666-5"},{"key":"e_1_3_2_5_2","doi-asserted-by":"crossref","first-page":"470","DOI":"10.1007\/978-3-540-71039-4_30","volume-title":"Proceedings of the International Workshop on Fast Software Encryption","author":"Aumasson Jean-Philippe","year":"2008","unstructured":"Jean-Philippe Aumasson, Simon Fischer, Shahram Khazaei, Willi Meier, and Christian Rechberger. 2008. New features of Latin dances: Analysis of Salsa, ChaCha, and Rumba. In Proceedings of the International Workshop on Fast Software Encryption. Springer, 470\u2013488."},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2005.862424"},{"issue":"3","key":"e_1_3_2_7_2","doi-asserted-by":"crossref","first-page":"031045","DOI":"10.1103\/PhysRevX.6.031045","article-title":"Hybrid quantum-classical approach to correlated materials","volume":"6","author":"Bauer Bela","year":"2016","unstructured":"Bela Bauer, Dave Wecker, Andrew J. Millis, Matthew B. Hastings, and Matthias Troyer. 2016. Hybrid quantum-classical approach to correlated materials. 
Physical Review X 6, 3 (2016), 031045.","journal-title":"Physical Review X"},{"key":"e_1_3_2_8_2","first-page":"13","volume-title":"Proceedings of the International Cryptographic Module Conference","volume":"1001","author":"Becker G.","year":"2013","unstructured":"G. Becker, J. Cooper, E. DeMulder, G. Goodwill, J. Jaffe, G. Kenworthy, T. Kouzminov, A. Leiserson, M. Marson, P. Rohatgi, and S. Saab. 2013. Test vector leakage assessment (TVLA) methodology in practice. In Proceedings of the International Cryptographic Module Conference, Vol. 1001. 13."},{"key":"e_1_3_2_9_2","first-page":"368","volume-title":"Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques","author":"Bernstein Daniel J.","year":"2015","unstructured":"Daniel J. Bernstein, Daira Hopwood, Andreas H\u00fclsing, Tanja Lange, Ruben Niederhagen, Louiza Papachristodoulou, Michael Schneider, Peter Schwabe, and Zooko Wilcox-O\u2019Hearn. 2015. SPHINCS: Practical stateless hash-based signatures. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 368\u2013397."},{"key":"e_1_3_2_10_2","unstructured":"Guido Bertoni Joan Daemen Micha\u00ebl Peeters and Gilles Van Assche. (n.d.). Keccak Hardware Implementation. Retrieved 7 April 2023 from https:\/\/keccak.team\/hardware.html"},{"key":"e_1_3_2_11_2","first-page":"313","volume-title":"Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques","author":"Bertoni Guido","year":"2013","unstructured":"Guido Bertoni, Joan Daemen, Micha\u00ebl Peeters, and Gilles Van Assche. 2013. Keccak. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques. 
Springer, 313\u2013314."},{"issue":"11","key":"e_1_3_2_12_2","doi-asserted-by":"crossref","first-page":"4648","DOI":"10.1109\/TCSI.2021.3106639","article-title":"Instruction-set accelerated implementation of CRYSTALS-Kyber","volume":"68","author":"Bisheh-Niasar Mojtaba","year":"2021","unstructured":"Mojtaba Bisheh-Niasar, Reza Azarderakhsh, and Mehran Mozaffari Kermani. 2021. Instruction-set accelerated implementation of CRYSTALS-Kyber. Trans. Circuits Syst. I Regul. Pap. IEEE Transactions on Circuits and Systems I: Regular Papers 68, 11 (2021), 4648\u20134659.","journal-title":"Trans. Circuits Syst. I Regul. Pap. IEEE Transactions on Circuits and Systems I: Regular Papers"},{"key":"e_1_3_2_13_2","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1109\/ARITH51176.2021.00028","volume-title":"Proceedings of the 2021 IEEE 28th Symposium on Computer Arithmetic.","author":"Bisheh-Niasar Mojtaba","year":"2021","unstructured":"Mojtaba Bisheh-Niasar, Reza Azarderakhsh, and Mehran Mozaffari-Kermani. 2021. High-speed NTT-based polynomial multiplication accelerator for post-quantum cryptography. In Proceedings of the 2021 IEEE 28th Symposium on Computer Arithmetic. IEEE, 94\u2013101."},{"key":"e_1_3_2_14_2","first-page":"353","volume-title":"Proceedings of the2018 IEEE European Symposium on Security and Privacy","author":"Bos Joppe","year":"2018","unstructured":"Joppe Bos, L\u00e9o Ducas, Eike Kiltz, Tancr\u00e8de Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehl\u00e9. 2018. CRYSTALS-Kyber: A CCA-secure module-lattice-based KEM. In Proceedings of the2018 IEEE European Symposium on Security and Privacy. 
IEEE, 353\u2013367."},{"issue":"3","key":"e_1_3_2_15_2","doi-asserted-by":"crossref","first-page":"21","DOI":"10.46586\/tches.v2018.i3.21-43","article-title":"Differential fault attacks on deterministic lattice signatures","volume":"2018","author":"Bruinderink Leon Groot","year":"2018","unstructured":"Leon Groot Bruinderink and Peter Pessl. 2018. Differential fault attacks on deterministic lattice signatures. IACR Transactions on Cryptographic Hardware and Embedded Systems 2018, 3 (2018), 21\u201343.","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded Systems"},{"key":"e_1_3_2_16_2","doi-asserted-by":"crossref","first-page":"117","DOI":"10.1007\/978-3-642-25405-5_8","volume-title":"Proceedings of the International Workshop on Post-Quantum Cryptography","author":"Buchmann Johannes","year":"2011","unstructured":"Johannes Buchmann, Erik Dahmen, and Andreas H\u00fclsing. 2011. XMSS-a practical forward secure signature scheme based on minimal security assumptions. In Proceedings of the International Workshop on Post-Quantum Cryptography. Springer, 117\u2013129."},{"key":"e_1_3_2_17_2","article-title":"Implementation and benchmarking of round 2 candidates in the NIST post-quantum cryptography standardization process using hardware and software\/hardware co-design approaches.","author":"Dang Viet B.","year":"2020","unstructured":"Viet B. Dang, Farnoud Farahmand, Michal Andrzejczak, Kamyar Mohajerani, Duc Tri Nguyen, and Kris Gaj. 2020. Implementation and benchmarking of round 2 candidates in the NIST post-quantum cryptography standardization process using hardware and software\/hardware co-design approaches. Cryptology ePrint Archive: Report 2020\/795.https:\/\/eprint.iacr.org\/2020\/795.","journal-title":"Cryptology ePrint Archive: Report 2020\/795."},{"key":"e_1_3_2_18_2","volume-title":"The Fabric of Reality: The Science of Parallel Universes and Its Implications","year":"1998","unstructured":"Deutsch. 1998. 
The Fabric of Reality: The Science of Parallel Universes and Its Implications. Penguin Books."},{"key":"e_1_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2018.2833119"},{"issue":"6","key":"e_1_3_2_20_2","first-page":"467","article-title":"Simulating physics with computers","volume":"21","author":"Feynman R.","year":"1998","unstructured":"R. Feynman. 1998. Simulating physics with computers. International Journal of Theoretical Physics 21, 6\u20137 (1998), 467\u2013488.","journal-title":"International Journal of Theoretical Physics"},{"key":"e_1_3_2_21_2","first-page":"530","volume-title":"Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems","author":"G\u00fcneysu Tim","year":"2012","unstructured":"Tim G\u00fcneysu, Vadim Lyubashevsky, and Thomas P\u00f6ppelmann. 2012. Practical lattice-based cryptography: A signature scheme for embedded systems. In Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 530\u2013547."},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/TCSII.2021.3103184"},{"key":"e_1_3_2_23_2","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1007\/978-3-030-90553-8_3","volume-title":"Proceedings of the International Conference on Security and Privacy","author":"Hamoudi Meziane","year":"2021","unstructured":"Meziane Hamoudi, Amina Bel Korchi, Sylvain Guilley, Sofiane Takarabt, Khaled Karray, and Youssef Souissi. 2021. Side-channel analysis of CRYSTALS-Kyber and a novel low-cost countermeasure. In Proceedings of the International Conference on Security and Privacy. 
Springer, 30\u201346."},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1080\/0161-110291890885"},{"key":"e_1_3_2_25_2","first-page":"1","volume-title":"Proceedings of the 2019 IEEE International Symposium on Circuits and Systems.","author":"Howe James","year":"2019","unstructured":"James Howe, Ayesha Khalid, Marco Martinoli, Francesco Regazzoni, and Elisabeth Oswald. 2019. Fault attack countermeasures for error samplers in lattice-based cryptography. In Proceedings of the 2019 IEEE International Symposium on Circuits and Systems. IEEE, 1\u20135."},{"issue":"17","key":"e_1_3_2_26_2","first-page":"17","article-title":"A pure hardware implementation of crystals-kyber PQC algorithm through resource reuse","volume":"2020","author":"Huang Yiming","year":"2020","unstructured":"Yiming Huang, Miaoqing Huang, Zhongkui Lei, and Jiaxuan Wu. 2020. A pure hardware implementation of crystals-kyber PQC algorithm through resource reuse. IEICE Electronics Express 2020, 17 (2020), 17\u201320200234.","journal-title":"IEICE Electronics Express"},{"key":"e_1_3_2_27_2","first-page":"440","volume-title":"Proceedings of the International Conference on Information Security and Cryptology","author":"Itoh Kouichi","year":"2001","unstructured":"Kouichi Itoh, Masahiko Takenaka, and Naoya Torii. 2001. DPA countermeasure based on the \u201cmasking method\u201d. In Proceedings of the International Conference on Information Security and Cryptology. Springer, 440\u2013456."},{"key":"e_1_3_2_28_2","article-title":"Practical Quantum Computers","author":"Juskalian Russ","year":"2017","unstructured":"Russ Juskalian. 2017. Practical Quantum Computers. MIT Technology Review. (March\/April 2017). 
Retrieved 7 April 2023 from https:\/\/www.technologyreview.com\/technology\/practical-quantum-computers\/.","journal-title":"MIT Technology Review"},{"key":"e_1_3_2_29_2","first-page":"95","volume-title":"Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems","author":"Kim HeeSeok","year":"2011","unstructured":"HeeSeok Kim, Seokhie Hong, and Jongin Lim. 2011. A fast and provably secure higher-order masking of AES S-box. In Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 95\u2013107."},{"key":"e_1_3_2_30_2","first-page":"114","article-title":"A public-key cryptosystem based on algebraic coding theory","volume":"44","author":"Mceliece Robert J.","year":"1978","unstructured":"Robert J. Mceliece. 1978. A public-key cryptosystem based on algebraic coding theory. Deep Space Network Progress Report 44 (1978), 114\u2013116. https:\/\/ntrs.nasa.gov\/api\/citations\/19780016269\/downloads\/19780016269.pdf#page=123.","journal-title":"Deep Space Network Progress Report"},{"key":"e_1_3_2_31_2","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1007\/3-540-44670-2_12","volume-title":"Proceedings of the Cryptography and Lattices","author":"Nguyen Phong Q.","year":"2001","unstructured":"Phong Q. Nguyen and Jacques Stern. 2001. The two faces of lattices in cryptology. In Proceedings of the Cryptography and Lattices. Springer, 146\u2013180."},{"issue":"2","key":"e_1_3_2_32_2","article-title":"Knapsack-type cryptosystems and algebraic coding theory","volume":"15","author":"Niederreiter Harald","year":"1986","unstructured":"Harald Niederreiter. 1986. Knapsack-type cryptosystems and algebraic coding theory. Prob. Control and Inf. Theory 15, 2 (1986), 157\u2013166.","journal-title":"Prob. Control and Inf. 
Theory"},{"key":"e_1_3_2_33_2","doi-asserted-by":"crossref","first-page":"529","DOI":"10.1007\/11935308_38","volume-title":"Proceedings of the Information and Communications Security.","author":"Nikova Svetla","year":"2006","unstructured":"Svetla Nikova, Christian Rechberger, and Vincent Rijmen. 2006. Threshold implementations against side-channel attacks and glitches. In Proceedings of the Information and Communications Security.Peng Ning, Sihan Qing, and Ninghui Li (Eds.), Springer, 529\u2013545."},{"key":"e_1_3_2_34_2","unstructured":"NIST. (n.d.). Submission requirements and evaluation criteria for the post-quantum cryptography standardization process. Retrieved 7 April 2023 from http:\/\/csrc.nist.gov\/groups\/ST\/post-quantum-crypto\/documents\/call-for-proposals-final-dec-2016.pdf."},{"key":"e_1_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11659-4_12"},{"issue":"2","key":"e_1_3_2_36_2","doi-asserted-by":"crossref","first-page":"37","DOI":"10.46586\/tches.v2021.i2.37-60","article-title":"Fault attacks on CCA-secure lattice KEMs","volume":"2021","author":"Pessl Peter","year":"2021","unstructured":"Peter Pessl and Lukas Prokop. 2021. Fault attacks on CCA-secure lattice KEMs. IACR Transactions on Cryptographic Hardware and Embedded Systems 2021, 2 (2021), 37\u201360.","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded Systems"},{"key":"e_1_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66787-4_25"},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2020.i3.307-335"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1137\/S0097539703440678"},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1109\/TC.1980.1675608"},{"key":"e_1_3_2_41_2","article-title":"Chosen-ciphertext clustering attack on CRYSTALS-KYBER using the side-channel leakage of barrett reduction","author":"Sim Bo-Yeon","year":"2021","unstructured":"Bo-Yeon Sim, Aesun Park, and Dong-Guk Han. 
2021. Chosen-ciphertext clustering attack on CRYSTALS-KYBER using the side-channel leakage of barrett reduction. Cryptology ePrint Archive (2021). https:\/\/eprint.iacr.org\/2021\/874.","journal-title":"Cryptology ePrint Archive"},{"key":"e_1_3_2_42_2","doi-asserted-by":"publisher","DOI":"10.1155\/2009\/501672"},{"issue":"2","key":"e_1_3_2_43_2","doi-asserted-by":"crossref","first-page":"328","DOI":"10.46586\/tches.v2021.i2.328-356","article-title":"A compact hardware implementation of CCA-secure key exchange mechanism CRYSTALS-KYBER on FPGA","volume":"2021","author":"Xing Yufei","year":"2021","unstructured":"Yufei Xing and Shuguo Li. 2021. A compact hardware implementation of CCA-secure key exchange mechanism CRYSTALS-KYBER on FPGA. IACR Transactions on Cryptographic Hardware and Embedded Systems 2021, 2 (2021), 328\u2013356.","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded Systems"},{"issue":"9","key":"e_1_3_2_44_2","first-page":"2163","article-title":"Magnifying side-channel leakage of lattice-based cryptosystems with chosen ciphertexts: The case study of kyber","volume":"71","author":"Xu Zhuang","year":"2021","unstructured":"Zhuang Xu, Owen Michael Pemberton, Sujoy Sinha Roy, David Oswald, Wang Yao, and Zhiming Zheng. 2021. Magnifying side-channel leakage of lattice-based cryptosystems with chosen ciphertexts: The case study of kyber. 
IEEE Transactions on Computers 71, 9 (2021), 2163\u20132176.","journal-title":"IEEE Transactions on Computers"}],"container-title":["ACM Transactions on Embedded Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3587037","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3587037","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:37:33Z","timestamp":1750178253000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3587037"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,27]]},"references-count":43,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2024,3,31]]}},"alternative-id":["10.1145\/3587037"],"URL":"https:\/\/doi.org\/10.1145\/3587037","relation":{},"ISSN":["1539-9087","1558-3465"],"issn-type":[{"value":"1539-9087","type":"print"},{"value":"1558-3465","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3,27]]},"assertion":[{"value":"2022-05-03","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-02-13","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-03-27","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}