Fiddling the Twiddle Constants - Fault Injection Analysis of the Number Theoretic Transform

Authors

  • Prasanna Ravi Temasek Laboratories, Nanyang Technological University, Singapore; School of Computer Science and Engineering, Nanyang Technological University, Singapore
  • Bolin Yang Zhejiang University, Hangzhou, China; Alibaba-Zhejiang University Joint Institute of Frontier Technologies, Hangzhou, China
  • Shivam Bhasin Temasek Laboratories, Nanyang Technological University, Singapore
  • Fan Zhang Zhejiang University, Hangzhou, China; Alibaba-Zhejiang University Joint Institute of Frontier Technologies, Hangzhou, China; ZJU-Hangzhou Global Scientific and Technological Innovation Center, Hangzhou, China; Jiaxing Research Institute, Zhejiang University, Jiaxing, China
  • Anupam Chattopadhyay Temasek Laboratories, Nanyang Technological University, Singapore; School of Computer Science and Engineering, Nanyang Technological University, Singapore

DOI:

https://doi.org/10.46586/tches.v2023.i2.447-481

Keywords:

Lattice-based cryptography, Electromagnetic Fault-Injection attack, Number Theoretic Transform, Learning With Error, Kyber, Dilithium

Abstract

In this work, we present the first fault injection analysis of the Number Theoretic Transform (NTT). The NTT is an integral computation unit, widely used for polynomial multiplication in several structured lattice-based key encapsulation mechanisms (KEMs) and digital signature schemes. We identify a critical single fault vulnerability in the NTT, which severely reduces the entropy of its output. This in turn enables us to perform a wide-range of attacks applicable to lattice-based KEMs as well as signature schemes. In particular, we demonstrate novel key recovery and message recovery attacks targeting the key generation and encryption procedure of Kyber KEM. We also propose novel existential forgery attacks targeting deterministic and probabilistic signing procedure of Dilithium, followed by a novel verification bypass attack targeting its verification procedure. All proposed exploits are demonstrated with high success rate using electromagnetic fault injection on optimized implementations of Kyber and Dilithium, from the open-source pqm4 library on the ARM Cortex-M4 microcontroller. We also demonstrate that our proposed attacks are capable of bypassing concrete countermeasures against existing fault attacks on lattice-based KEMs and signature schemes. We believe our work motivates the need for more research towards development of countermeasures for the NTT against fault injection attacks.

Downloads

Published

2023-03-06

Issue

Section

Articles

How to Cite

Fiddling the Twiddle Constants - Fault Injection Analysis of the Number Theoretic Transform. (2023). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2023(2), 447-481. https://doi.org/10.46586/tches.v2023.i2.447-481