Error Detection Schemes for Barrett Reduction of CT-BU on FPGA in Post Quantum Cryptography

📅 2025-09-04
🤖 AI Summary
In hardware implementations of Kyber, the Barrett reduction within Cooley–Tukey butterfly units (CT-BUs) is vulnerable to fault-injection attacks, leading to side-channel information leakage. Method: This paper proposes three lightweight recomputation-based fault-detection techniques for Barrett reduction: RENO (recomputation with negated operand), RESO (recomputation with shifted operand), and the novel RESWO (recomputation with swapped operand). All three methods operate with comparable hardware overhead. Contribution/Results: Each achieves near-100% detection coverage for both single-bit and multi-bit faults. Notably, RESWO significantly reduces critical-path latency, outperforming RENO and RESO in timing efficiency. Implemented and validated on FPGA, the proposed schemes jointly achieve high fault-detection coverage and low latency, providing an efficient, practical reliability assurance mechanism for post-quantum cryptographic hardware accelerators.

📝 Abstract
A fault can occur naturally or intentionally. However, intentionally injecting faults into hardware accelerators of Post-Quantum Cryptographic (PQC) algorithms may leak sensitive information. This intentional fault injection in side-channel attacks compromises the reliability of PQC implementations. The recently NIST-standardized key encapsulation mechanism (KEM), Kyber, may also leak information at the hardware implementation level. This work proposes three efficient and lightweight recomputation-based fault detection methods for Barrett Reduction in the Cooley-Tukey Butterfly Unit (CT-BU) of Kyber on a Field Programmable Gate Array (FPGA). The CT-BU and Barrett Reduction are fundamental components in structured lattice-based PQC algorithms, including Kyber, NTRU, Falcon, CRYSTALS-Dilithium, etc. This paper introduces a new algorithm, Recomputation with Swapped Operand (RESWO), for fault detection, while Recomputation with Negated Operand (RENO) and Recomputation with Shifted Operand (RESO) are existing methods used in other PQC hardware algorithms. To the best of our knowledge, RENO and RESO have never been used in Barrett Reduction before. The proposed RESWO method consumes a similar number of slices compared to RENO and RESO. However, RESWO shows less delay compared to both RENO and RESO. The fault detection efficiency of RESWO, RENO, and RESO is nearly 100%.

Problem

Research questions and friction points this paper is trying to address.

Detecting faults in Barrett Reduction for PQC algorithms
Protecting Kyber hardware from intentional fault injections
Ensuring reliability of FPGA-based lattice cryptography implementations

Innovation

Methods, ideas, or system contributions that make the work stand out.

RESWO algorithm for fault detection
RENO and RESO applied to Barrett Reduction
Lightweight recomputation-based FPGA protection methods
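
The recomputation principle behind these schemes can be modelled in software. The Python model below is an added illustration, not code or a circuit from the paper: it wraps a Barrett reducer for the Kyber modulus in a shifted-operand recomputation check and measures how many stuck-at faults on the reducer's input register are flagged. The shift width `K`, the register width `WIDTH`, the fault model, and the comparison of `reduce(2x)` against `2*reduce(x) mod Q` are assumptions made for this example.

```python
# Added illustration: software model of recomputation with a shifted operand
# (RESO-style) around a Barrett reducer. Not the paper's circuit.
Q = 3329                 # Kyber modulus
K = 26                   # assumed Barrett shift width for this model
M = (1 << K) // Q        # precomputed floor(2^K / Q) = 20158
WIDTH = 25               # assumed input register width: holds 2*x for x < Q*Q


def load(x, fault=None):
    """Model the reducer's input register; fault = (bit, value) is a stuck-at fault."""
    if fault is not None:
        bit, value = fault
        x = (x | (1 << bit)) if value else (x & ~(1 << bit))
    return x & ((1 << WIDTH) - 1)


def barrett(x, fault=None):
    """Reduce x mod Q with one multiply, one shift and one conditional subtract."""
    x = load(x, fault)
    t = (x * M) >> K          # quotient estimate, at most 1 below floor(x / Q)
    r = x - t * Q             # 0 <= r < 2Q for every 25-bit x
    return r - Q if r >= Q else r


def reso_check(x, fault=None):
    """Return (result, error_flag): reduce x, recompute on x << 1, compare."""
    r1 = barrett(x, fault)
    r2 = barrett(x << 1, fault)        # same faulty unit, shifted operand
    doubled = r1 << 1                  # checker side: 2*r1 mod Q
    expected = doubled - Q if doubled >= Q else doubled
    return r1, r2 != expected


def coverage(inputs):
    """Fraction of result-corrupting stuck-at faults that raise the error flag."""
    corrupted = detected = 0
    for x in inputs:
        for bit in range(WIDTH):
            for value in (0, 1):
                r1, flag = reso_check(x, (bit, value))
                if r1 != x % Q:
                    corrupted += 1
                    detected += flag
    return detected / corrupted


# Constructed sample operands: products of two coefficients below Q.
SAMPLES = [a * b for a in range(0, Q, 97) for b in range(1, Q, 211)]
```

The model covers only one fault site (the input register); faults elsewhere in the datapath need their own analysis and are outside this example.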