Paper 2022/1410

Breaking and Protecting the Crystal: Side-Channel Analysis of Dilithium in Hardware

Hauke Steffen, TÜV Informationstechnik GmbH
Georg Land, Ruhr University Bochum
Lucie Kogelheide, BWI GmbH
Tim Güneysu, Ruhr University Bochum, German Research Centre for Artificial Intelligence

The lattice-based CRYSTALS-Dilithium signature scheme has been selected for standardization by the NIST. As part of the selection process, a large number of implementations for platforms like x86, ARM Cortex-M4, or – on the hardware side – Xilinx Artix-7 have been presented and discussed by experts. While software implementations have been subject to side-channel analysis with several attacks being published, an analysis of Dilithium hardware implementations and their peculiarities has not taken place. With this work, we aim to fill this gap, presenting an analysis of vulnerable operations and practically showing a successful profiled Simple Power Analysis (SPA) and a Correlation Power Analysis (CPA) on a recent hardware implementation by Beckwith et al. Our SPA attack requires 700 000 profiling traces and targets the first Number-Theoretic Transform (NTT) stage. After finishing profiling, we can identify pairs of coefficients with 1 101 traces. The full CPA attack finds secret coefficients with as low as 66 000 traces. In response, we present specific countermeasures and show that they effectively prevent both attacks.

Available format(s)
Attacks and cryptanalysis
Publication info
Published elsewhere. PQCRYPTO 2023
FPGASide-Channel AnalysisSPACPAPQCDilithium
Contact author(s)
h steffen @ tuvit de
mail @ georg land
tim gueneysu @ rub de
2023-08-16: revised
2022-10-18: received
See all versions
Short URL
Creative Commons Attribution-ShareAlike


      author = {Hauke Steffen and Georg Land and Lucie Kogelheide and Tim Güneysu},
      title = {Breaking and Protecting the Crystal: Side-Channel Analysis of Dilithium in Hardware},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1410},
      year = {2022},
      doi = {},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.