Paper 2023/1545
Exploiting Small-Norm Polynomial Multiplication with Physical Attacks: Application to CRYSTALS-Dilithium
Abstract
We present a set of physical profiled attacks against CRYSTALS-Dilithium that accumulate noisy knowledge on secret keys over multiple signatures, finally leading to a full key recovery attack. The methodology is composed of two steps. The first step consists of observing or inserting a bias in the posterior distribution of sensitive variables. The second step consists of an information processing phase based on belief propagation, which allows that bias to be exploited effectively. The proposed concrete attacks rely on side-channel information, fault injection, or a combination of the two. Interestingly, the adversary benefits from knowledge of the released signature, but is not dependent on it. We show that the combination of a physical attack with the binary knowledge of acceptance or rejection of a signature also leads to exploitable information on the secret key. Finally, we demonstrate that this approach is also effective against shuffled implementations of CRYSTALS-Dilithium.
Metadata
- Category
- Attacks and cryptanalysis
- Publication info
- Published by the IACR in TCHES 2024
- Keywords
- Post-Quantum Cryptography, Side-Channel Attacks, Fault Attacks, CRYSTALS-Dilithium
- Contact author(s)
- olivier bronchain @ nxp com, melissa azouaoui @ nxp com, mohamed elghamrawy @ nxp com, joost renes @ nxp com, tobias schneider @ nxp com
- History
- 2024-01-16: revised
- 2023-10-09: received
- Short URL
- https://ia.cr/2023/1545
- License
- CC BY
BibTeX
@misc{cryptoeprint:2023/1545,
  author = {Olivier Bronchain and Melissa Azouaoui and Mohamed ElGhamrawy and Joost Renes and Tobias Schneider},
  title = {Exploiting Small-Norm Polynomial Multiplication with Physical Attacks: Application to {CRYSTALS}-Dilithium},
  howpublished = {Cryptology {ePrint} Archive, Paper 2023/1545},
  year = {2023},
  url = {https://eprint.iacr.org/2023/1545}
}