DeepSec 2024 Talk: AI Based Attack on Post Quantum Standard “CRYSTALS Kyber” – Maksim Iavich
In recent years, the field of quantum computing has seen remarkable advancements, prompting concerns about the security of current public key cryptosystems in the event of the development of sufficiently powerful quantum computers. Kyber, a post-quantum encryption technique relying on lattice problem hardness, has recently been standardized. However, despite rigorous testing by the National Institute of Standards and Technology (NIST), recent investigations have revealed the efficacy of CRYSTALS-Kyber attacks and their potential impact in real-world scenarios.
Following the publication of the paper “Breaking a Fifth-Order Masked Implementation of CRYSTALS-Kyber by Artificial Intelligence”, discussions have emerged regarding the vulnerability of the post-quantum cryptosystem Kyber. The authors propose a side-channel attack leveraging artificial intelligence, specifically employing a neural network training method known as recursive learning to compromise the system.
Our study explores CRYSTALS-Kyber’s susceptibility to side-channel attacks. We find that in the reference implementation of Kyber512, certain additional functions can be compromised through selected ciphertexts, facilitating successful attacks. Notably, real-time recovery of the entire secret key becomes workable under various assault scenarios.
At DeepSec, I will provide an in-depth explanation of how Kyber operates and conduct a comprehensive analysis of the attack vectors targeting it. We will delve into the question of whether Kyber has indeed been compromised. Additionally, during the conference, I will present a protective mechanism designed to mitigate the impact of such attacks.
We asked Maksim a few more questions about his talk.
Please tell us the top 5 facts about your talk.
- CRYSTALS-Kyber Overview: CRYSTALS-Kyber is a leading post-quantum cryptographic algorithm designed to secure data against quantum computing threats, offering key exchange and public-key encryption. The cryptosystem is one of the post-quantum NIST standards.
- AI Integration: The talk explores how artificial intelligence and machine learning can potentially be applied to cryptographic analysis, including the ways AI could influence the security landscape of algorithms like CRYSTALS-Kyber.
- Theoretical Threats: It delves into theoretical vulnerabilities and attack strategies where AI might find weaknesses or accelerate the cryptanalysis process. We will talk about novel methodologies like Masking and Recursive learning.
- Current Research: The presentation includes a review of recent research and findings related to AI-based attacks on post-quantum cryptographic algorithms. We will analyze the attack on the NIST standard and analyze together if the scheme is really broken.
- Mitigation Strategies: Discussion on strategies to bolster the security of CRYSTALS-Kyber against advanced attack methods, including AI, and an overview of ongoing research in this area.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
It is quite alarming that the NIST standard CRYSTALS-Kyber has been compromised. Experts have varying opinions on whether the AI-based attack poses a significant threat. This discrepancy led me to investigate the issue myself.
Why do you think this is an important topic?
This topic is crucial because, as quantum computers become more feasible, cryptographic algorithms must evolve to ensure data security. CRYSTALS-Kyber represents a promising solution in this post-quantum era. Understanding how AI could potentially compromise such algorithms is essential for developing robust, future-proof security measures. Addressing these concerns now helps prevent potential vulnerabilities before they can be exploited, ensuring that our cryptographic defenses remain strong.
Is there something you want everybody to know – some good advice for our readers maybe?
One key piece of advice is to stay informed about the rapid developments in both AI and cryptography. As technology evolves, so do the methods used to attack and defend against it. Keeping up-to-date with the latest research and advancements helps you better understand and prepare for emerging threats. Additionally, engaging in discussions and collaborations with experts in these fields can provide valuable insights and lead to more effective solutions.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
Looking ahead, I predict AI will continue to play a significant role in both enhancing and challenging cryptographic security. Innovations may include more sophisticated AI-driven cryptanalysis techniques and adaptive algorithms that can automatically respond to potential threats. Conversely, the development of new cryptographic methods, such as more advanced post-quantum algorithms, will likely emerge to counteract these threats. The key challenge will be to maintain a balance between leveraging AI for defense and mitigating its potential for misuse in attacking cryptographic systems.
Maksim Iavich holds a Ph.D. in mathematics and is a professor of computer science. In 2018, he was acknowledged as the best young scientist of Georgia in computer science. Maksim is an affiliate professor and the Head of Cyber Security Direction at Caucasus University. He is also a Head of the Information Technologies bachelor and of the IT Management master programs. Since 2020, Maksim Iavich has been an expert-evaluator at the National Center for Education Quality Development of Georgia. Furthermore, Prof. Iavich is a Director of the Cyber Security Center, CST (CU), the CEO & President of the Scientific Cyber Security Association (SCSA) and a cybersecurity consultant in Georgian and international organizations. He’s a speaker at international cyber security conferences and the organizer of many scientific cyber security events. He has many scientific awards in the cyber security field, mainly in cryptography, and is the author of many scientific papers. The topics of the papers are cyber security, cryptography, post-quantum cryptography, quantum cryptography, mathematical models, 5G security, machine learning and simulations.