The Number Theoretic Transform (NTT) is the most essential component of the polynomial multiplications used in lattice-based Post-Quantum Cryptography (PQC) algorithms such as Kyber, Dilithium and NTRU. However, side-channel attacks (SCA) and hardware vulnerabilities in the form of hardware Trojans may alter control signals to disrupt the circuit's control flow and introduce unconventional delays in the critical hardware of PQC. Hardware Trojans on control signals are lower in cost and higher in impact than those on data signals, because a single corrupted control signal can disrupt or bypass an entire computation sequence, whereas data faults usually cause only localized errors. Moreover, adversaries can perform Soft Analytical Side Channel Attacks (SASCA) on the design using the inserted hardware Trojan. In this paper, we present a secure NTT architecture capable of detecting unconventional delays, control-flow disruptions and SASCA, together with an adaptive fault-correction methodology for their mitigation. Extensive simulations and implementations of our Secure NTT on an Artix-7 FPGA with different Kyber variants show that our fault detection and correction modules detect and correct faults, whether caused unintentionally or intentionally by hardware Trojans, with a high success rate, while introducing only modest area and time overheads.
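The Kyber NTT the abstract refers to, with a constructed control-flow fault and a redundancy check, as an added example that is not the paper's code: it uses the FIPS 203 parameters (q = 3329, n = 256, zeta = 17), while the skipped-stage fault model and the schoolbook comparison are assumptions made here for illustration, not the paper's detection or correction method.

```python
# Kyber NTT (q = 3329, n = 256, zeta = 17 as in FIPS 203). Added example, not
# the paper's hardware: skipping one butterfly stage models a corrupted control
# signal, and comparing with a schoolbook product is an illustrative check.
Q, N, ZETA = 3329, 256, 17

def bit_rev7(i): return int(f"{i:07b}"[::-1], 2)
ZETAS = [pow(ZETA, bit_rev7(i), Q) for i in range(128)]
def ntt(f, skip_stage=None):
    # forward NTT, 7 stages; stage == skip_stage runs no butterflies (fault)
    f, k, length, stage = list(f), 1, 128, 0
    while length >= 2:
        for start in range(0, N, 2 * length):
            z = ZETAS[k]; k += 1                # twiddle counter still advances
            if stage == skip_stage:
                continue
            for j in range(start, start + length):
                t = z * f[j + length] % Q
                f[j + length] = (f[j] - t) % Q
                f[j] = (f[j] + t) % Q
        length //= 2; stage += 1
    return f
def intt(fh):
    f, k, length = list(fh), 127, 2
    while length <= 128:
        for start in range(0, N, 2 * length):
            z = ZETAS[k]; k -= 1
            for j in range(start, start + length):
                t = f[j]
                f[j] = (t + f[j + length]) % Q
                f[j + length] = z * (f[j + length] - t) % Q
        length *= 2
    return [x * 3303 % Q for x in f]          # 3303 = 128^-1 mod q
def basemul(fh, gh):
    # pointwise product in Z_q[x]/(x^2 - gamma_i), gamma_i = zeta^(2*BitRev7(i)+1)
    h = [0] * N
    for i in range(128):
        g = pow(ZETA, 2 * bit_rev7(i) + 1, Q)
        a0, a1, b0, b1 = fh[2*i], fh[2*i+1], gh[2*i], gh[2*i+1]
        h[2*i], h[2*i+1] = (a0*b0 + a1*b1*g) % Q, (a0*b1 + a1*b0) % Q
    return h
def schoolbook(f, g):
    # reference product in Z_q[x]/(x^256 + 1), independent of the NTT datapath
    h = [0] * (2 * N)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            h[i + j] += a * b
    return [(h[i] - h[i + N]) % Q for i in range(N)]
def fault_detected(f, g, skip_stage=None):
    # redundancy check: flag when the NTT datapath disagrees with the reference
    return intt(basemul(ntt(f, skip_stage), ntt(g))) != schoolbook(f, g)
```

Skipping any one of the seven stages corrupts the whole product polynomial, which is why a single control-signal fault is far more damaging than a localized data fault, and why the check compares the complete result rather than individual coefficients.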