Paper 2022/106

Profiling Side-Channel Attacks on Dilithium: A Small Bit-Fiddling Leak Breaks It All

Soundes Marzougui, Vincent Ulitzsch, Mehdi Tibouchi, and Jean-Pierre Seifert

Abstract

We present an end-to-end (equivalent) key recovery attack on the Dilithium lattice-based signature scheme, one of the top contenders in the NIST post-quantum cryptography competition. The attack is based on a small side-channel leakage we identified in a bit unpacking procedure inside Dilithium signature generation. We then combine machine-learning based profiling with various algorithmic techniques, including least squares regression and integer linear programming, in order to leverage this small leakage into essentially full key recovery: we manage to recover, from a moderate number of side-channel traces, enough information to sign arbitrary messages. We confirm the practicality of our technique using concrete experiments against the ARM Cortex-M4 implementation of Dilithium, and verify that our attack is robust to real-world conditions such as noisy power measurements. This attack appears difficult to protect against reliably without strong side-channel countermeasures such as masking of the entire signing algorithm, and underscores the necessity of implementing such countermeasures despite their known high cost.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Preprint. MINOR revision.
Contact author(s): marzougui soundes @ gmail com
History:
2022-02-09: last of 3 revisions
2022-01-31: received
Short URL: https://ia.cr/2022/106
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2022/106,
      author = {Soundes Marzougui and Vincent Ulitzsch and Mehdi Tibouchi and Jean-Pierre Seifert},
      title = {Profiling Side-Channel Attacks on Dilithium: A Small Bit-Fiddling Leak Breaks It All},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/106},
      year = {2022},
      url = {https://eprint.iacr.org/2022/106}
}