Exploiting Small-Norm Polynomial Multiplication with Physical Attacks

Application to CRYSTALS-Dilithium

Authors

  • Olivier Bronchain NXP Semiconductors, Eindhoven, Netherlands
  • Melissa Azouaoui NXP Semiconductors, Eindhoven, Netherlands
  • Mohamed ElGhamrawy NXP Semiconductors, Eindhoven, Netherlands
  • Joost Renes NXP Semiconductors, Eindhoven, Netherlands
  • Tobias Schneider NXP Semiconductors, Eindhoven, Netherlands

DOI:

https://doi.org/10.46586/tches.v2024.i2.359-383

Keywords:

Lattice-based Cryptography, Post-Quantum Cryptography, Side- Channel Attacks, Fault Attacks, CRYSTALS-Dilithium

Abstract

We present a set of physical profiled attacks against CRYSTALS-Dilithium that accumulate noisy knowledge on secret keys over multiple signatures, finally leading to a full key recovery attack. The methodology is composed of two steps. The first step consists of observing or inserting a bias in the posterior distribution of sensitive variables. The second step is an information processing phase which is based on belief propagation and effectively exploits that bias. The proposed concrete attacks rely on side-channel information, induced faults or possibly a combination of the two. Interestingly, the adversary benefits most from this previous knowledge when targeting the released signatures, however, the latter are not strictly necessary. We show that the combination of a physical attack with the binary knowledge of acceptance or rejection of a signature also leads to exploitable information on the secret key. Finally, we demonstrate that this approach is also effective against shuffled implementations of CRYSTALS-Dilithium.

Downloads

Published

2024-03-12

Issue

Section

Articles

How to Cite

Exploiting Small-Norm Polynomial Multiplication with Physical Attacks: Application to CRYSTALS-Dilithium. (2024). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024(2), 359-383. https://doi.org/10.46586/tches.v2024.i2.359-383