Post-Quantum Authenticated Encryption against Chosen-Ciphertext Side-Channel Attacks

Over the last years, side-channel analysis of Post-Quantum Cryptography (PQC) candidates in NIST standardization initiative has received increased attention. In particular, it been shown that some post-quantum Key Encapsulation Mechanisms (KEMs) are vulnerable to Chosen-Ciphertext Side-Channel Attacks (CC-SCA). These powerful attacks target re-encryption step Fujisaki-Okamoto (FO) transform, which is commonly used achieve CCA security such schemes. To sufficiently protect PQC KEMs on embedded devices against a CC-SCA, masking at increasingly higher order required, induces considerable overhead. this work, we propose use conceptually simple construction, ΕtS KEM, alleviates impact CC-SCA. It uses Encrypt-then-Sign (EtS) paradigm introduced by Zheng ISW ’97 and further analyzed An, Dodis Rabin EUROCRYPT ’02, instantiates postquantum authenticated KEM outsider-security model. While construction generic, apply CRYSTALS-Kyber relying CRYSTALSDilithium Falcon signature We show CC-SCA-protected EtS version requires less than 10% cycles required for FO-based cost additional data/communication additionally protecting fault injection attacks, necessarily due added verification, remains negligible compared large FO transform orders. Lastly, discuss relevant cases our construction.