Paper 2020/267

Differential Power Analysis of the Picnic Signature Scheme

Tim Gellersen, Okan Seker, and Thomas Eisenbarth


This work introduces the first differential side-channel analysis of the Picnic Signature Scheme, an alternate candidate in the ongoing competition for post-quantum cryptography by the National Institute of Standards and Technology (NIST). We present a successful side-channel analysis of the underlying multiparty implementation of the LowMC block cipher (MPC-LowMC) and show how side-channel information can be used to recover the entire secret key by exploiting two different parts of the algorithm. LowMC key recovery then allows to forge signatures for the calling Picnic post-quantum signature scheme. We target the NIST reference implementation executed on a FRDM-K66F development board. Key recovery succeeds with fewer than 1000 LowMC traces, which can be obtained from fewer than 30 observed Picnic signatures.

Available format(s)
Publication info
Published elsewhere. PQCrypto 2021
Picnic Signature SchemeLowMcMultiparty ComputationPower AnalysisDPA
Contact author(s)
tim gellersen @ student uni-luebeck de
okan seker @ uni-luebeck de
thomas eisenbarth @ uni-luebeck de
2021-05-18: revised
2020-03-04: received
See all versions
Short URL
Creative Commons Attribution


      author = {Tim Gellersen and Okan Seker and Thomas Eisenbarth},
      title = {Differential Power Analysis of the Picnic Signature Scheme},
      howpublished = {Cryptology ePrint Archive, Paper 2020/267},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.