From MLWE to RLWE: A Differential Fault Attack on Randomized & Deterministic Dilithium

Mohamed ElGhamrawy; Melissa Azouaoui; Olivier Bronchain; Joost Renes; Tobias Schneider; Markus Schönauer; Okan Seker; Christine van Vredendaal

Paper 2023/1074

From MLWE to RLWE: A Differential Fault Attack on Randomized & Deterministic Dilithium

Mohamed ElGhamrawy, NXP (Germany), Hamburg University of Applied Sciences

Melissa Azouaoui

, NXP (Germany)

Olivier Bronchain

, NXP (Belgium)

Joost Renes

, NXP (Netherlands)

Tobias Schneider, NXP (Austria)

Markus Schönauer, NXP (Austria)

Okan Seker, NXP (Germany)

Christine van Vredendaal

, NXP (Netherlands)

Abstract

The post-quantum digital signature scheme CRYSTALS-Dilithium has been recently selected by the NIST for standardization. Implementing CRYSTALS-Dilithium, and other post-quantum cryptography schemes, on embedded devices raises a new set of challenges, including ones related to performance in terms of speed and memory requirements, but also related to side-channel and fault injection attacks security. In this work, we investigated the latter and describe a differential fault attack on the randomized and deterministic versions of CRYSTALS-Dilithium. Notably, the attack requires a few instructions skips and is able to reduce the MLWE problem that Dilithium is based on to a smaller RLWE problem which can be practically solved with lattice reduction techniques. Accordingly, we demonstrated key recoveries using hints extracted on the secret keys from the same faulted signatures using the LWE with side-information framework introduced by Dachman-Soled et al. at CRYPTO’20. As a final contribution, we proposed algorithmic countermeasures against this attack and in particular showed that the second one can be parameterized to only induce a negligible overhead over the signature generation.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Published by the IACR in TCHES 2023
Keywords: Post-Quantum Cryptography Differential Fault Attacks. Dilithium Lattice Reduction
Contact author(s): melissa azouaoui @ nxp com
History: 2023-09-18: revised; 2023-07-10: received; See all versions
Short URL: https://ia.cr/2023/1074
License: CC BY

BibTeX

@misc{cryptoeprint:2023/1074,
      author = {Mohamed ElGhamrawy and Melissa Azouaoui and Olivier Bronchain and Joost Renes and Tobias Schneider and Markus Schönauer and Okan Seker and Christine van Vredendaal},
      title = {From MLWE to RLWE: A Differential Fault Attack on Randomized & Deterministic Dilithium},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1074},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1074}},
      url = {https://eprint.iacr.org/2023/1074}
}