Countermeasures against Side-Channel Attacks in FrodoKEM: An Implementation Study


Abstract

FrodoKEM is a lattice-based Public-Key Encryption (PKE)/Key Encapsulation Mechanism (KEM) scheme selected as a third-round candidate in the National Institute of Standards and Technology (NIST) post-quantum cryptography standardization process. It has also been recommended by the German Federal Office for Information Security and the Dutch National Communications Security Agency as a long-term confidential encryption algorithm and has been included in the ISO/IEC JTC 1/SC 27/WG 2 draft international standard for post-quantum cryptography. To address the threats of Side-Channel Attacks (SCA, including timing attacks, power analysis attacks, and fault attacks) against FrodoKEM, this paper proposes a security-enhanced implementation scheme. Specifically, during the sampling phase and ciphertext comparison, isochronous operations are adopted to eliminate timing sensitivity and mitigate timing attack risks. In public key computation, masking techniques are introduced to obscure critical data and operations, thereby resisting power analysis attacks. Additionally, a sampling calibration mechanism is implemented to detect and circumvent fault attacks. Under the same parameter sets, a performance comparison between the SCA-resistant scheme and the original FrodoKEM demonstrates that the computational overhead increase is less than 0.8%. The scheme’s strengthened resilience against SCA is further validated through Test Vector Leakage Assessment (TVLA), achieving a balance between enhanced security and minimal performance degradation.
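The isochronous ciphertext comparison the abstract describes, shown beside the early-exit version it replaces, as an added example written for this page rather than code from the paper or from the FrodoKEM reference implementation. The decapsulation tail (`decaps_select_secret`, with inputs `k_prime` and `s`) is an assumed FO-style shape: on a mismatch the shared-secret input is switched from k' to the rejection seed s without a data-dependent branch.

```c
#include <stdint.h>
#include <stddef.h>

/* "Before": returns at the first mismatching byte, so the running time
 * reveals how many leading bytes of the re-encrypted ciphertext match.
 * Kept only to contrast with the isochronous version below. */
int ct_compare_leaky(const uint8_t *a, const uint8_t *b, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (a[i] != b[i])
            return 1;               /* early exit: data-dependent timing */
    return 0;
}

/* Isochronous comparison: touches every byte, ORs all differences into
 * one accumulator and folds it into 0 (equal) or 1 (different) with
 * arithmetic only, so neither time nor branches depend on the data. */
int ct_compare_isochronous(const uint8_t *a, const uint8_t *b, size_t len)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= a[i] ^ b[i];
    return (int)(((uint16_t)diff + 0xFFu) >> 8);   /* 0 -> 0, 1..255 -> 1 */
}

/* Branch-free select: dst = selector ? when1 : when0. The mask is all
 * ones for selector == 1 and all zeros for selector == 0. */
void ct_select8(uint8_t *dst, const uint8_t *when1, const uint8_t *when0,
                size_t len, uint8_t selector)
{
    uint8_t mask = (uint8_t)(0u - selector);
    for (size_t i = 0; i < len; i++)
        dst[i] = (when1[i] & mask) | (when0[i] & (uint8_t)~mask);
}

/* Decapsulation tail of an FO-style KEM (assumed shape, not the paper's
 * code): on mismatch the shared-secret input is swapped from k' to the
 * rejection seed s, without revealing via timing which path was taken.
 * Returns the selector so a caller can check which input was used. */
int decaps_select_secret(uint8_t *out, size_t out_len,
                         const uint8_t *ct, const uint8_t *ct_prime, size_t ct_len,
                         const uint8_t *k_prime, const uint8_t *s)
{
    uint8_t mismatch = (uint8_t)ct_compare_isochronous(ct, ct_prime, ct_len);
    ct_select8(out, s, k_prime, out_len, mismatch);
    return mismatch;
}
```

The leaky variant is the one a TVLA-style measurement would flag, since its loop count tracks the length of the matching prefix.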
