How to Avoid KyberSlash and Other Vulnerabilities Like It

On Dec. 1, 2023, and again on Dec. 30, vulnerabilities in the Kyber key encapsulation mechanism (KEM) for quantum-safe encryption were reported and patched. Referred to as “KyberSlash 1 and KyberSlash 2,” these flaws could allow the recovery of secret keys and put quantum encryption projects at risk.

CRYSTALS-Kyber is the official implementation of the Kyber KEM and part of the CRYSTALS (Cryptographic Suite for Algebraic Lattices) suite of algorithms, final candidates in NIST’s selection process to standardize quantum-resistant algorithms.

According to the news outlet BleepingComputer, which broke the story, “The KyberSlash flaws are timing-based attacks arising from how Kyber performs certain division operations in the decapsulation process, allowing attackers to analyze the execution time and derive secrets that could compromise the encryption. If a service implementing Kyber allows multiple operation requests towards the same key pair, an attacker can measure timing differences and gradually compute the secret key.”
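What the fix for a flaw of this kind looks like in practice, as an added example that is not code from the article or from the Kyber project: a quotient computed with the `/` operator, which a compiler may lower to a variable-latency DIV instruction, beside a constant-time multiply-and-shift replacement, with an exhaustive check that both agree. The modulus q = 3329 is Kyber's public parameter; the shift amount and multiplier are my own choices for this demonstration, not the constants of any particular Kyber release.

```c
/* Added example: constant-time replacement for division by a public
 * constant, the defensive pattern behind the KyberSlash patches. */
#include <stdint.h>
#include <stdio.h>

#define Q     3329u   /* Kyber's modulus (public parameter) */
#define SHIFT 26      /* chosen for this example */
#define MUL   20159u  /* ceil(2^SHIFT / Q), chosen for this example */

/* Variable-time: '/' may become a DIV whose latency depends on x,
 * so a secret-derived x leaks through execution time. */
static uint32_t quotient_vartime(uint32_t x)
{
    return x / Q;
}

/* Constant-time: one multiply and one shift, no data-dependent
 * branch or instruction latency. For x < 2^16 the product fits in
 * 32 bits and the rounding error never changes the floor. */
static uint32_t quotient_ct(uint32_t x)
{
    return (x * MUL) >> SHIFT;
}

/* Constant-time x mod q, built on the constant-time quotient. */
static uint32_t mod_q_ct(uint32_t x)
{
    return x - Q * quotient_ct(x);
}

/* Exhaustive check over every 16-bit input: returns the number of
 * inputs where the constant-time version disagrees with '/' or '%'.
 * Run this whenever the multiplier, shift or input range changes. */
static uint32_t count_mismatches(void)
{
    uint32_t bad = 0;
    for (uint32_t x = 0; x < (1u << 16); x++) {
        if (quotient_ct(x) != quotient_vartime(x) || mod_q_ct(x) != x % Q)
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("mismatches over all 16-bit inputs: %u\n", count_mismatches());
    return 0;
}
```

Whether the replacement is actually constant time still has to be confirmed on the target compiler and CPU, for example by inspecting the generated assembly for DIV instructions.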

KyberSlash underscores the primary use case for Phio TX – as did RAINBOW and SIKE before it. Mathematically speaking, post-quantum cryptographic algorithms (PQCs) are new and haven’t yet spent decades under public scrutiny like Diffie-Hellman or RSA (see the Forbes article, RSA Security Is On Its Last Legs. Now What?). We should expect these new algorithms, even when the standard is finalized, to be weakened or broken – often.

As such, security-conscious organizations should diversify their enterprise cryptography (a strategy we call Crypto-Diversification) and deploy a key delivery system that works as an architecture overlay, capable of supporting all NIST-standardized PQC algorithms but not defined by, or dependent on, any one of these young and potentially volatile algorithms.

Moreover, continuous network monitoring and crypto risk assessment from CipherInsights and the Phio TX platform would allow for easy patching when a vulnerability like KyberSlash is discovered. Rather than having to patch on every network node or endpoint – leading to costly disruptions, downtime, and lost productivity – the Phio TX control plane enables the swift changing of key exchange algorithms at scale, ensuring your crypto infrastructure is always optimized and truly agile.

A software platform that supports the implementation of a corporate cryptographic strategy and avoids the need to update every network device and software agent when the corporate policy shifts or circumstances change will soon be a requirement. Good thing there’s Phio TX from Quantum Xchange.
