AI Summary
CRYSTALS-Kyber hardware implementations are vulnerable to side-channel attacks.
Method: This paper proposes a hardware-friendly dynamic execution-order countermeasure based on an enhanced Fisher-Yates shuffling algorithm. It designs a synthesizable, customized shuffling control unit and constructs a compact dynamic execution-order architecture that achieves full-module instruction-level randomization without increasing critical-path latency.
Contribution/Results: This is the first work to introduce hardware-customized shuffling into post-quantum key encapsulation mechanism (KEM) hardware protection, balancing high security and efficiency. FPGA implementation incurs only 8.7% area overhead. Correlation power analysis (CPA) and t-test-based leakage assessment (TVLA) confirm no statistically significant information leakage. The shuffled execution sequence passes the NIST SP 800-22 randomness test suite, satisfying standardized side-channel resistance requirements.
Abstract
CRYSTALS-Kyber has been standardized by NIST as the only key-encapsulation mechanism (KEM) scheme intended to withstand attacks by large-scale quantum computers. However, side-channel attacks (SCAs) on its implementations still need to be carefully considered for the upcoming migration. In this brief, we propose a secure and efficient hardware implementation for Kyber by incorporating a novel compact shuffling architecture. First, we modify the Fisher-Yates shuffle to make it more hardware-friendly. We then design an optimized shuffling architecture for the well-known open-source Kyber hardware implementation to enhance the security of all known and potential side-channel leakage points. Finally, we implement the modified Kyber design on FPGA and evaluate its security and performance. The security is verified by conducting correlation power analysis (CPA) and test vector leakage assessment (TVLA) on the hardware. Meanwhile, FPGA place-and-route results show that the proposed design incurs only 8.7% degradation in hardware efficiency compared with the original unprotected version, much better than existing hardware hiding schemes.
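To make the hiding mechanism described above concrete, the following is an added, self-contained example and not code from the paper or its FPGA design. It uses the textbook Fisher-Yates shuffle (the paper's hardware-friendly modification is not specified in the abstract, so it is not reproduced here) to randomize the order in which sixteen coefficient operations execute, and runs a toy CPA on a constructed Hamming-weight leakage model: the intermediate being leaked is assumed to be a secret coefficient multiplied by a public per-trace value modulo Kyber's modulus q = 3329, with Gaussian noise. The attacker correlates a hypothesis for coefficient 0 against the sample recorded at time slot 0. All trace data is generated inline from a seeded RNG.

```python
"""Execution-order shuffling as a side-channel hiding countermeasure (added
example, not the paper's code). Toy leakage model: at each time slot the
device leaks HW(secret[coeff] * r mod q) plus Gaussian noise."""
import math
import random

Q = 3329  # Kyber modulus


def fisher_yates(n, rng=None):
    """Uniformly random permutation of range(n): the textbook Fisher-Yates
    (Knuth) shuffle, swapping position i with a random j in [0, i]."""
    rng = rng or random.Random()
    perm = list(range(n))
    for i in range(n - 1, 0, -1):
        j = rng.randint(0, i)
        perm[i], perm[j] = perm[j], perm[i]
    return perm


def is_permutation(seq, n):
    """True if seq contains every index 0..n-1 exactly once."""
    return sorted(seq) == list(range(n))


def hamming_weight(x):
    return bin(x).count("1")


def pearson(xs, ys):
    """Pearson correlation coefficient without numpy; 0.0 if either side
    is constant (e.g. a hypothesis that never varies)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / math.sqrt(vx * vy)


def simulate(secret, num_traces, shuffle, rng, noise_sigma=0.5):
    """Constructed traces: one leakage sample per time slot. Slot s
    processes coefficient order[s]; with shuffle=True a fresh permutation
    is drawn for every trace, otherwise the order is fixed."""
    n = len(secret)
    inputs, traces = [], []
    for _ in range(num_traces):
        r = rng.randrange(1, Q)  # public value, varies per trace
        order = fisher_yates(n, rng) if shuffle else list(range(n))
        trace = []
        for slot in range(n):
            v = secret[order[slot]] * r % Q  # leaked intermediate
            trace.append(hamming_weight(v) + rng.gauss(0, noise_sigma))
        inputs.append(r)
        traces.append(trace)
    return inputs, traces


def cpa_correlation(inputs, traces, guess, slot):
    """Correlate the attacker's HW prediction for `guess` (a hypothesis
    for coefficient 0) against the samples recorded at time `slot`."""
    predicted = [hamming_weight(guess * r % Q) for r in inputs]
    observed = [t[slot] for t in traces]
    return pearson(predicted, observed)


def run_experiment(seed=1, n=16, num_traces=2000):
    """Correct-guess correlation at slot 0 for fixed vs shuffled order."""
    rng = random.Random(seed)
    secret = [rng.randrange(1, Q) for _ in range(n)]  # constructed secret
    result = {}
    for label, shuffle in (("fixed", False), ("shuffled", True)):
        inputs, traces = simulate(secret, num_traces, shuffle, rng)
        result[label] = cpa_correlation(inputs, traces, secret[0], slot=0)
    return result


if __name__ == "__main__":
    res = run_experiment()
    print(f"correct-guess correlation, fixed order:    {res['fixed']:.3f}")
    print(f"correct-guess correlation, shuffled order: {res['shuffled']:.3f}")
```

With a fixed order the correct hypothesis correlates strongly with slot 0 (around 0.95 under this noise level), while under per-trace shuffling slot 0 holds a randomly chosen coefficient and the correlation collapses to roughly 1/n of that value. This is the hiding effect the paper measures with CPA and TVLA on real hardware; note that shuffling scales down the leakage at any fixed time point rather than removing the data dependency, so the gain is expressed in the number of traces an evaluator needs, which is why the paper pairs it with a leakage assessment instead of treating it as a proof of absence of leakage.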