Timing Leaks and Quantum Entropy Exhaustion in ML-KEM (Kyber) with a QRNG
Abstract
This paper investigates vulnerabilities in an ML-KEM (Kyber) key-exchange environment integrated with a hardware quantum random number generator (QRNG). Our analysis found flaws on two fronts: in software, where the use of non-constant-time functions (memcmp) produced timing side-channel leaks; and in the network, which allowed replay attacks. Although these attacks did not break the cryptography, they exhausted the system's quantum entropy, resulting in denial of service (DoS). We mitigated these vulnerabilities by applying constant-time checks in the cryptographic core and nonces at the application layer. Fuzzing tests confirmed the stability of the hardened system. Finally, we discuss adopting the ETSI GS QKD 014 standard to work around the encapsulation latency.
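The two mitigations the abstract names, shown as an added illustration that is not the paper's code: a constant-time byte comparison to replace a memcmp-based check, and an application-layer sliding-window nonce filter that rejects replayed messages before they reach the entropy-consuming KEM path. The names ct_equal, replay_window, replay_accept and process_batch, and the sample nonces, are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Leaky form (the defect the abstract describes): memcmp may stop at the first
 * differing byte, so its running time reveals how long the matching prefix is. */
int ct_equal_leaky(const uint8_t *a, const uint8_t *b, size_t n) {
    return memcmp(a, b, n) == 0;
}

/* Constant-time form: every byte is touched, no data-dependent branch or early
 * exit. Returns 1 when the buffers are equal, 0 otherwise. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    unsigned diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned)(a[i] ^ b[i]);
    return (int)(1u & ((diff - 1u) >> 8));   /* 1 iff diff == 0 */
}

/* Application-layer anti-replay: a 64-entry sliding window over monotonically
 * increasing nonces (constructed for this example, one window per peer). */
typedef struct { uint64_t last; uint64_t bitmap; } replay_window;

/* Returns 1 and records the nonce if it is fresh; 0 if it is a replay or too old. */
int replay_accept(replay_window *w, uint64_t nonce) {
    if (nonce > w->last) {
        uint64_t shift = nonce - w->last;
        w->bitmap = (shift >= 64) ? 0 : (w->bitmap << shift);
        w->bitmap |= 1u;                      /* bit 0 = the newest nonce */
        w->last = nonce;
        return 1;
    }
    uint64_t age = w->last - nonce;
    if (age >= 64) return 0;                  /* outside the window: reject */
    uint64_t bit = (uint64_t)1 << age;
    if (w->bitmap & bit) return 0;            /* already seen: replay */
    w->bitmap |= bit;
    return 1;
}

/* Gate the entropy-consuming KEM path behind the replay filter. Returns how many
 * messages were accepted, i.e. how many times QRNG entropy would be drawn. */
size_t process_batch(replay_window *w, const uint64_t *nonces, size_t count) {
    size_t draws = 0;
    for (size_t i = 0; i < count; i++)
        if (replay_accept(w, nonces[i])) draws++;  /* only fresh nonces reach the KEM */
    return draws;
}
```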
Published
25/05/2026
How to Cite
PAIXÃO, A. C. P. et al. Timing Leaks and Quantum Entropy Exhaustion in ML-KEM (Kyber) with a QRNG. In: WORKSHOP DE REDES QUÂNTICAS (WQUNETS), 3., 2026, Praia do Forte/BA. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2026. p. 67-72. DOI: https://doi.org/10.5753/wqunets.2026.22958.