First-order arithmetic masking for ML-KEM polynomials, as a countermeasure against DPA / DEMA / CPA and template attacks on the K-PKE secret s.
## Principle

Every secret polynomial is kept as two additive shares modulo q: s = s_0 + s_1 (mod q). s_0 is drawn uniformly at random and s_1 = s - s_0 (mod q), so each share on its own is uniformly distributed and independent of s. Every operation that consumes the secret (NTT, pointwise multiplication with a public polynomial, additions and subtractions) is linear in s and is therefore rewritten to act on each share separately, without ever materialising the unmasked s. Fresh-randomness refreshes (MaskedPoly::refresh) replace (s_0, s_1) by (s_0 + r, s_1 - r) for a fresh uniform r, so that the same pair of shares is not reused across operations and leakage from different operations on one masked value cannot be combined.

Because the unmasked s never exists as a single value in memory, the Hamming-weight / Hamming-distance hypothesis at the core of CPA has nothing to correlate with: a guess of any coefficient of s predicts no first-order statistic of the trace, since each share alone is uniform. This holds only as long as the two shares are processed at different points in time and never meet in the same leaking operation; writing s_1 into a register or bus that still holds s_0 leaks HD(s_0, s_1) = HW(s_0 xor s_1) in a single sample, which is again a first-order leak.
## Available operations

| Function | Description |
|---|---|
| MaskedPoly::mask | Split a plaintext polynomial into two shares |
| MaskedPoly::unmask | Reconstruct the polynomial from its shares |
| MaskedPoly::refresh | Re-randomise the shares (prevents correlation build-up) |
| masked_ntt / masked_ntt_inv | Forward / inverse NTT on each share independently |
| masked_multiply_public | Multiply a masked polynomial by a public polynomial (NTT domain) |
| masked_add / masked_sub | Add / subtract two masked polynomials share-wise |
| masked_add_public | Add a public polynomial to a masked polynomial |
| masked_multiply_accumulate | Fused multiply-add with a public polynomial (NTT domain) |
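The share-wise operations from the table above, implemented from scratch as an added example (this is not the crate's own code): q = 3329 and n = 256 as in ML-KEM, the NTT left out, and a coefficient-wise product standing in for the NTT-domain base multiplication, which is equally linear in the secret. The `Rng` type, the function signatures and `masking_checks_pass` are assumptions made for the example.

```rust
// Added example, not the crate's own code: two-share arithmetic masking of an
// ML-KEM polynomial. Names follow the table above; types, signatures and RNG are assumptions.
const Q: u32 = 3329;  // ML-KEM modulus
const N: usize = 256; // coefficients per polynomial
type Poly = [u32; N];

/// xorshift64* stands in for a CSPRNG (assumption): real share randomness must
/// come from the platform RNG, never from a fixed seed.
struct Rng(u64);
impl Rng {
    fn next_u64(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x >> 12; x ^= x << 25; x ^= x >> 27;
        self.0 = x;
        x.wrapping_mul(0x2545_F491_4F6C_DD1D)
    }
    /// Uniform in [0, Q) by rejection sampling: a plain `% Q` of a random word
    /// would bias the shares and reintroduce a small first-order leak.
    fn uniform_mod_q(&mut self) -> u32 {
        loop {
            let v = (self.next_u64() >> 52) as u32; // 12 random bits, 0..4096
            if v < Q { return v; }
        }
    }
}

#[derive(Clone, PartialEq, Debug)]
struct MaskedPoly { s0: Poly, s1: Poly }

impl MaskedPoly {
    /// s -> (s0, s1): s0 uniform, s1 = s - s0 mod q, so each share alone is uniform.
    fn mask(s: &Poly, rng: &mut Rng) -> Self {
        let mut m = MaskedPoly { s0: [0; N], s1: [0; N] };
        for i in 0..N { m.s0[i] = rng.uniform_mod_q(); m.s1[i] = (s[i] + Q - m.s0[i]) % Q; }
        m
    }
    /// The only place where the unmasked value is ever formed.
    fn unmask(&self) -> Poly {
        let mut out = [0; N];
        for i in 0..N { out[i] = (self.s0[i] + self.s1[i]) % Q; }
        out
    }
    /// Re-randomise: (s0 + r, s1 - r) still sums to s, with fresh uniform r.
    fn refresh(&mut self, rng: &mut Rng) {
        for i in 0..N {
            let r = rng.uniform_mod_q();
            self.s0[i] = (self.s0[i] + r) % Q; self.s1[i] = (self.s1[i] + Q - r) % Q;
        }
    }
}

/// Apply a coefficient-wise operation to each share separately; the two shares
/// of a value are never combined, which is the whole point of the masking.
fn share_wise(a: &MaskedPoly, b: &MaskedPoly, f: impl Fn(u32, u32) -> u32) -> MaskedPoly {
    let mut out = MaskedPoly { s0: [0; N], s1: [0; N] };
    for i in 0..N { out.s0[i] = f(a.s0[i], b.s0[i]); out.s1[i] = f(a.s1[i], b.s1[i]); }
    out
}
fn masked_add(a: &MaskedPoly, b: &MaskedPoly) -> MaskedPoly { share_wise(a, b, |x, y| (x + y) % Q) }
fn masked_sub(a: &MaskedPoly, b: &MaskedPoly) -> MaskedPoly { share_wise(a, b, |x, y| (x + Q - y) % Q) }
/// Multiply by a public polynomial. A coefficient-wise product stands in for the
/// NTT-domain base multiplication (assumption); both are linear in the secret.
fn masked_multiply_public(a: &MaskedPoly, p: &Poly) -> MaskedPoly {
    let pp = MaskedPoly { s0: *p, s1: *p }; // public operand, same on both shares
    share_wise(a, &pp, |x, y| ((x as u64 * y as u64) % Q as u64) as u32)
}
/// acc += a * p, again without combining the shares of either operand.
fn masked_multiply_accumulate(acc: &mut MaskedPoly, a: &MaskedPoly, p: &Poly) {
    *acc = masked_add(acc, &masked_multiply_public(a, p));
}

/// Unmasked reference arithmetic, used only to check the masked results.
fn ref_op(a: &Poly, b: &Poly, f: impl Fn(u64, u64) -> u64) -> Poly {
    let mut out = [0; N];
    for i in 0..N { out[i] = f(a[i] as u64, b[i] as u64) as u32; }
    out
}

/// Runs every operation on constructed inputs and checks each result against
/// the unmasked reference; returns true when all of them agree.
fn masking_checks_pass() -> bool {
    let mut rng = Rng(0x9E37_79B9_7F4A_7C15);
    let q = Q as u64;
    // Constructed inputs: small-coefficient secret (like a K-PKE s), full-range public.
    let (mut s, mut p): (Poly, Poly) = ([0; N], [0; N]);
    for i in 0..N { s[i] = [0, 1, 2, Q - 1, Q - 2][i % 5]; p[i] = (i as u32 * 17 + 5) % Q; }
    let mut m = MaskedPoly::mask(&s, &mut rng);
    let before = m.clone();
    m.refresh(&mut rng);
    // Refresh changes the shares but not the value, and no share equals s.
    if m == before || m.unmask() != s || m.s0 == s || m.s1 == s { return false; }
    let mp = MaskedPoly::mask(&p, &mut rng);
    let mut acc = mp.clone(); // accumulate s * p onto a masked copy of p
    masked_multiply_accumulate(&mut acc, &m, &p);
    masked_add(&m, &mp).unmask() == ref_op(&s, &p, |x, y| (x + y) % q)
        && masked_sub(&m, &mp).unmask() == ref_op(&s, &p, |x, y| (x + q - y) % q)
        && masked_multiply_public(&m, &p).unmask() == ref_op(&s, &p, |x, y| x * y % q)
        && acc.unmask() == ref_op(&s, &p, |x, y| (y + x * y) % q)
}
```

The rejection sampler in `uniform_mod_q` is the part most often got wrong in practice: reducing a random word modulo q gives small values a slightly higher probability, and that bias is a first-order dependence between a share and the secret that a CPA with enough traces can pick up.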
## References

- Side-channel analysis of the ML-KEM pointwise multiplication (IACR ePrint 2025; local copy: doc/papers/eprint2025_sca_mlkem_pointwise.pdf). Identifies the pointwise multiplication as the key DPA target; operating on shares of s defeats the published attack.
- ML-KEM and ML-DSA on OpenTitan: side-channel evaluation (cryptojedi, 2024). Independent evaluation of the trace-count blow-up induced by masking.
## Where to look next

- Countermeasure description and threat analysis: doc/sca/countermeasures/ml_kem.rst, section "DPA / DEMA / CPA — first-order masking of the KPKE secret".
- Call sites: keygen_internal_sca, decaps_internal_sca, crate::ml_kem::kpke::decrypt_sca.
## Scope and residual risk

Masking is first-order: every first-order statistic of the trace is independent of s. A second-order DPA that combines two independent time samples (one per share) can still recover the secret, at the cost of substantially more traces; the required trace count grows exponentially with the number of shares, which is what a third share would buy. Tier-4 item K-SCA3 (not yet scheduled) would extend this to a 3-share scheme (CC EAL4+-grade).

Two further limits apply whatever the order. The exported operations are all linear in s; a non-linear step on a secret-dependent value at a call site (for instance the Compress / rounding of the recovered message in decrypt_sca) cannot be performed on arithmetic shares alone and is not covered by this module. And the first-order guarantee assumes that share randomness is uniform modulo q and that the two shares never meet in one leaking operation: a biased sampler (a plain modulo reduction of a random word) or a register that holds s_0 and is then overwritten with s_1 reintroduces a first-order leak.
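The first-order claim in the Principle section and the second-order residual risk above can be checked exhaustively for a single masked coefficient, because all q share splits of a secret value can be enumerated. The following is an added example, not part of this module or of the cited evaluations; it assumes a Hamming-weight leakage model in which the two shares leak at two separate samples, and `total_leakage`, `spread` and the other names are made up for the example.

```rust
// Added example, not the crate's own code: exhaustive leakage-moment analysis of
// one masked coefficient under an assumed Hamming-weight leakage model. It shows
// why first-order CPA sees nothing, why a second-order combination does, and why
// the two shares must never meet in one register (Hamming-distance leak).
const Q: u32 = 3329; // ML-KEM modulus

/// Leakage model (assumption): the device leaks the Hamming weight of the value
/// it handles, and the two shares are handled at two separate time samples.
fn hw(x: u32) -> u64 { x.count_ones() as u64 }

/// Sum, over all q share splits (s0, s1) of secret `c`, of a leakage function of
/// the pair. Dividing by q would give the mean an attacker with unlimited traces
/// observes; the integer total is kept so that comparisons between secrets are exact.
fn total_leakage(c: u32, leak: impl Fn(u32, u32) -> u64) -> u64 {
    (0..Q).map(|s0| leak(s0, (c + Q - s0) % Q)).sum()
}

/// Spread (max - min) of a per-secret statistic across every secret value.
/// Zero spread: the statistic is identical for all c, so correlating it with a
/// guess of c produces no peak. Positive spread: c is recoverable in principle.
fn spread(stat: impl Fn(u32) -> u64) -> u64 {
    let (mut lo, mut hi) = (u64::MAX, 0u64);
    for c in 0..Q {
        let v = stat(c);
        lo = lo.min(v);
        hi = hi.max(v);
    }
    hi - lo
}

/// First order: a single sample showing the leakage of one share (s1, the share
/// that is computed from the secret; s0 is trivially independent of it).
fn first_order_spread() -> u64 {
    spread(|c| total_leakage(c, |_s0, s1| hw(s1)))
}

/// Second order: the attacker multiplies the two samples' leakages before
/// correlating, which is the combination function a second-order DPA uses.
fn second_order_spread() -> u64 {
    spread(|c| total_leakage(c, |s0, s1| hw(s0) * hw(s1)))
}

/// Implementation pitfall: if s1 overwrites s0 in the same register, the device
/// leaks HW(s0 ^ s1) in a single sample, so the leak is first-order again.
fn hamming_distance_spread() -> u64 {
    spread(|c| total_leakage(c, |s0, s1| hw(s0 ^ s1)))
}

fn main() {
    println!("first-order spread:      {}", first_order_spread());
    println!("second-order spread:     {}", second_order_spread());
    println!("Hamming-distance spread: {}", hamming_distance_spread());
}
```

A first-order spread of exactly zero is the non-identifiability claimed in the Principle section: for every secret value the share s1 runs through all of [0, q) once, so its mean leakage cannot depend on c. The second-order statistic is a cyclic self-convolution of the Hamming-weight function and is therefore not flat, which is the moment a second-order DPA exploits; the Hamming-distance statistic is the single-sample leak that appears when the two shares are written to the same location back to back. In practice the spreads translate into a required trace count through the noise level, which is what the OpenTitan evaluation cited above measures.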
## Structs

- MaskedPoly: A polynomial split into two additive shares modulo q.

## Functions

- masked_add: Add two masked polynomials share-wise.
- masked_add_public: Add a public polynomial to a masked polynomial.
- masked_multiply_accumulate: Fused multiply-accumulate: out += masked * public (NTT domain).
- masked_multiply_public: Multiply a masked polynomial by a public polynomial in NTT domain.
- masked_ntt: Apply the forward NTT to each share of a MaskedPoly independently.
- masked_ntt_inv: Apply the inverse NTT to each share of a MaskedPoly independently.
- masked_sub: Subtract two masked polynomials share-wise.