Low-Cost Shuffling Countermeasures Against Side-Channel Attacks for NTT-Based Post-Quantum Cryptography

Lattice-based cryptography (LBC) schemes are promising candidates in the post-quantum cryptography (PQC) standardization process. Number theoretic transform (NTT), as a crucial technique, is widely used to accelerate LBC implementations on computer systems. However, existing side-channel attacks can recover the secret key in real-world cryptographic devices bypassing mathematical problems. The motivation of this work is to provide a low-cost security-enhanced architecture for NTT-based PQC processors. We convert the nested loops in NTT to a hardware-friendly single-level loop. The corresponding architecture instantiates a unified shuffling controller to schedule the order of independent basic operations. We propose the coefficient index randomization and the NTT network randomization schemes against existing power attacks and template attacks. We further achieve high performance and efficiency on the off-the-shelf FPGAs. The shuffling schemes have a negligible impact on performance, and the resource overhead is only 9%.