Fault Attacks Sensitivity of Public Parameters in the Dilithium Verification

Andersson Calle Viera; Alexandre Berzati; Karine Heydemann

Paper 2023/1796

Fault Attacks Sensitivity of Public Parameters in the Dilithium Verification

Andersson Calle Viera, Thales (France), Laboratoire de Recherche en Informatique de Paris 6

Alexandre Berzati, Thales (France)

Karine Heydemann, Thales (France), Laboratoire de Recherche en Informatique de Paris 6

Abstract

This paper presents a comprehensive analysis of the verification algorithm of the CRYSTALS-Dilithium, focusing on a C reference implementation. Limited research has been conducted on its susceptibility to fault attacks, despite its critical role in ensuring the scheme’s security. To fill this gap, we investigate three distinct fault models - randomizing faults, zeroizing faults, and skipping faults - to identify vulnerabilities within the verification process. Based on our analysis, we propose a methodology for forging CRYSTALS-Dilithium signatures without knowledge of the secret key. Instead, we leverage specific types of faults during the verification phase and some properties about public parameters to make these signatures accepted. Additionally, we compared different attack scenarios after identifying sensitive operations within the verification algorithm. The most effective requires potentially fewer fault injections than targeting the verification check itself. Finally, we introduce a set of countermeasures designed to thwart all the identified scenarios rendering the verification algorithm intrinsically resistant to the presented attacks.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Published elsewhere. CARDIS2023
Keywords: Dilithium Fault Attacks Side-channel attacks Lattice-based cryptography Post-quantum cryptography
Contact author(s): andersson calle-viera @ thalesgroup com
alexandre berzati @ thalesgroup com
karine heydemann @ thalesgroup com
History: 2023-11-24: approved; 2023-11-21: received; See all versions
Short URL: https://ia.cr/2023/1796
License: CC BY

BibTeX

@misc{cryptoeprint:2023/1796,
      author = {Andersson Calle Viera and Alexandre Berzati and Karine Heydemann},
      title = {Fault Attacks Sensitivity of Public Parameters in the Dilithium Verification},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1796},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1796}},
      url = {https://eprint.iacr.org/2023/1796}
}