Cybersecurity Flaws Discovered in Kyber Encryption Standard

A cybersecurity firm has reported two vulnerabilities in the Kyber key encapsulation mechanism (KEM), an encryption standard developed to protect networks against future attacks by quantum computers. Referred to as “KyberSlash,” these flaws could allow attackers to discover encryption keys. The vulnerabilities, named KyberSlash 1 and KyberSlash 2, are timing attacks: they exploit specific division operations that Kyber performs during its decapsulation process, whose running time can depend on secret values.
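To make the flaw class concrete, the following C illustration is added here; it is not the Kyber project's code and not from the article. It models a decapsulation-style rounding step that maps a polynomial coefficient modulo Kyber's public modulus q = 3329 to a message bit, first with an integer division (which a compiler may emit as a variable-time divide instruction), then with a division-free multiply-and-shift. The reciprocal constant 80635 and the rounding offset 1665 are my own derivation, so the code checks exhaustively that both routines agree on every input; the names `bit_with_division`, `bit_constant_time` and `check_equivalence` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define Q 3329u  /* Kyber modulus, a public parameter */

/* Rounding of one coefficient t in [0, Q) to a message bit: round(2t / Q) mod 2.
 * The '/' operator is the problem: on several targets the compiler emits a
 * hardware divide whose latency depends on the operands, i.e. on secret data. */
static int bit_with_division(uint16_t t)
{
    return (int)(((2u * t + Q / 2) / Q) & 1u);
}

/* Division-free equivalent: multiply by a truncated reciprocal and shift.
 * 80635 = floor(2^28 / Q); the offset 1665 (Q/2 + 1) absorbs the downward
 * error of the truncation so the result matches exact rounding on [0, Q).
 * Constants are my own derivation (hypothetical, not quoted from any project);
 * check_equivalence() verifies them over the full input range. */
static int bit_constant_time(uint16_t t)
{
    uint32_t x = 2u * t + 1665u;   /* at most 8321, no overflow below */
    x *= 80635u;                   /* at most ~6.7e8, fits in 32 bits */
    x >>= 28;
    return (int)(x & 1u);
}

/* Returns 1 if both routines agree for every coefficient 0..Q-1, else 0.
 * This is the regression check a maintainer would keep next to such a rewrite. */
int check_equivalence(void)
{
    for (uint32_t t = 0; t < Q; t++)
        if (bit_with_division((uint16_t)t) != bit_constant_time((uint16_t)t))
            return 0;
    return 1;
}

int main(void)
{
    printf("division-free rounding matches on all %u inputs: %s\n",
           Q, check_equivalence() ? "yes" : "NO");
    return check_equivalence() ? 0 : 1;
}
```

Removing the operator is the mitigation; equivalence must then be proved for the whole input range rather than sampled, because the truncated reciprocal is only exact within a bounded error and the boundary inputs (here 832 and 833) are where a wrong constant shows up.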

Kyber KEM, which takes its name from the fictional crystals that power lightsabers in the “Star Wars” series, has been widely adopted by organizations as a means of securing their communications against future decryption by quantum computers. However, the recent discovery of these vulnerabilities has raised concerns about the effectiveness of this encryption standard.

The flaws were initially reported to Kyber’s development team by researchers at cybersecurity firm Cryspen on 1 December, and a patch for the encryption standard was promptly issued. Because the patch was not labeled as a security fix, Cryspen began proactively notifying projects on 15 December that they needed to apply it.

Although versions of Kyber have been adopted by major companies such as Google, Signal, and Mullvad VPN, it has been confirmed that Mullvad’s services are not impacted by the discovered vulnerabilities. Nevertheless, the vulnerabilities have raised questions about the reliability and security of post-quantum encryption standards.

The Kyber encryption standard was submitted for review to the US National Institute of Standards and Technology (NIST) in 2017 as part of a competition to develop an encryption standard capable of defending networks against attacks by quantum computers. While quantum computers with the ability to break current encryption standards have not been fully realized, recent advancements have sparked interest in adopting post-quantum standards as a precautionary measure.

In the race for post-quantum encryption, other algorithms participating in NIST’s competition have proven to be vulnerable to conventional attacks. For example, Rainbow and SIKE were defeated by researchers using classical computers. The official implementation of Kyber, CRYSTALS-Kyber, was also undermined in 2023 using complex side-channel attacks. Despite these vulnerabilities, NIST released draft standards for Kyber and other algorithms and aims to finalize the competition in the near future.

Major organizations, such as Google and Signal, have already implemented versions of Kyber to enhance their security protocols. This strategy involves combining Kyber with other encryption methods to ensure network traffic remains protected from potential vulnerabilities in post-quantum standards.

Following the discovery of the KyberSlash vulnerabilities, patches have been implemented by the Kyber development team and by AWS. However, updates are still pending for libraries used by Signal and Kudelski Security as of 6 January. Tech Monitor has reached out to both organizations for comment on the matter.

Source: the blog smartphonemagazine.nl
