A Practical Template Attack on CRYSTALS-Dilithium

Alexandre Berzati; Andersson Calle Viera; Maya Chartouni; Steven Madec; Damien Vergnaud; David Vigilant

Paper 2023/050

A Practical Template Attack on CRYSTALS-Dilithium

Alexandre Berzati, Thales (France)

Andersson Calle Viera, Thales (France), Laboratoire de Recherche en Informatique de Paris 6

Maya Chartouni, Thales (France), Versailles Saint-Quentin-en-Yvelines University

Steven Madec, Thales (France)

Damien Vergnaud, Laboratoire de Recherche en Informatique de Paris 6

David Vigilant, Thales (France)

Abstract

This paper presents a new profiling side-channel attack on the signature scheme CRYSTALS-Dilithium, which has been selected by the NIST as the new primary standard for quantum-safe digital signatures. This algorithm has a constant-time implementation with consideration for side-channel resilience. However, it does not protect against attacks that exploit intermediate data leakage. We exploit such a leakage on a vector generated during the signing process and whose costly protection by masking is a matter of debate. We design a template attack that enables us to efficiently predict whether a given coefficient in one coordinate of this vector is zero or not. Once this value has been completely reconstructed, one can recover, using linear algebra methods, part of the secret key that is sufficient to produce universal forgeries. While our paper deeply discusses the theoretical attack path, it also demonstrates the validity of the assumption regarding the required leakage model, from practical experiments with the reference implementation on an ARM Cortex-M4.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Preprint.
Keywords: Dilithium Lattice-based cryptography Post-quantum cryptography Side-channel attacks Template Attacks
Contact author(s): alexandre berzati @ thalesgroup com
andersson calle-viera @ thalesgroup com
maya saab-chartouni @ thalesgroup com
steven madec @ thalesgroup com
david vigilant @ thalesgroup com
History: 2023-01-19: approved; 2023-01-16: received; See all versions
Short URL: https://ia.cr/2023/050
License: CC BY

BibTeX

@misc{cryptoeprint:2023/050,
      author = {Alexandre Berzati and Andersson Calle Viera and Maya Chartouni and Steven Madec and Damien Vergnaud and David Vigilant},
      title = {A Practical Template Attack on CRYSTALS-Dilithium},
      howpublished = {Cryptology ePrint Archive, Paper 2023/050},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/050}},
      url = {https://eprint.iacr.org/2023/050}
}