Paper 2023/050

A Practical Template Attack on CRYSTALS-Dilithium

Alexandre Berzati, Thales (France)
Andersson Calle Viera, Thales (France), Laboratoire de Recherche en Informatique de Paris 6
Maya Chartouni, Thales (France), Versailles Saint-Quentin-en-Yvelines University
Steven Madec, Thales (France)
Damien Vergnaud, Laboratoire de Recherche en Informatique de Paris 6
David Vigilant, Thales (France)

This paper presents a new profiling side-channel attack on the signature scheme CRYSTALS-Dilithium, which has been selected by the NIST as the new primary standard for quantum-safe digital signatures. This algorithm has a constant-time implementation with consideration for side-channel resilience. However, it does not protect against attacks that exploit intermediate data leakage. We exploit such a leakage on a vector generated during the signing process and whose costly protection by masking is a matter of debate. We design a template attack that enables us to efficiently predict whether a given coefficient in one coordinate of this vector is zero or not. Once this value has been completely reconstructed, one can recover, using linear algebra methods, part of the secret key that is sufficient to produce universal forgeries. While our paper deeply discusses the theoretical attack path, it also demonstrates the validity of the assumption regarding the required leakage model, from practical experiments with the reference implementation on an ARM Cortex-M4.

Available format(s)
Attacks and cryptanalysis
Publication info
DilithiumLattice-based cryptographyPost-quantum cryptographySide-channel attacksTemplate Attacks
Contact author(s)
alexandre berzati @ thalesgroup com
andersson calle-viera @ thalesgroup com
maya saab-chartouni @ thalesgroup com
steven madec @ thalesgroup com
david vigilant @ thalesgroup com
2023-01-19: approved
2023-01-16: received
See all versions
Short URL
Creative Commons Attribution


      author = {Alexandre Berzati and Andersson Calle Viera and Maya Chartouni and Steven Madec and Damien Vergnaud and David Vigilant},
      title = {A Practical Template Attack on CRYSTALS-Dilithium},
      howpublished = {Cryptology ePrint Archive, Paper 2023/050},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.