Subliminal Channels in CRYSTALS-Kyber Key-Encapsulation Mechanism and their Use in Quantum-Resistant TLS Protocols

Cryptographic protocols can be used to covertly exchange information without arousing suspicion. The covert channels created in this way are called subliminal channels. In this work, three different subliminal channels using CRYSTALS-Kyber are discovered. Kyber is employed in the Module-Lattice-based Key-Encapsulation Mechanism (ML-KEM) standard published in FIPS 203. In the found subliminal channels, the covert message is embedded in the random data needed by the encapsulation or the key generation algorithms. Two settings are differentiated depending on if the covert receiver is an overt entity executing the key exchange protocol, or a man-in-the-middle. An important feature achieved by the proposed subliminal channels is plausible deniability. Covert entities can convince a jury that they did not use a subverted version of the original Kyber algorithms by showing the random data used in the protocol, the values exchanged and the outputs of the algorithms. The proposed subliminal channels can be used in quantum-resistant proposals of TLS (Transport Layer Security). Concretely, this work explores the use of the proposed subliminal channels in PQTLS and KEMTLS. Also, some countermeasures are proposed in the paper. Experimental results show that the overhead in execution times is not significant, and that from 2 to 34 bytes of covered information can be transmitted per TLS handshake.