Paper 2025/146

SHIFT SNARE: Uncovering Secret Keys in FALCON via Single-Trace Analysis

Jinyi Qiu, North Carolina State University
Aydin Aysu, North Carolina State University
Abstract

This paper presents a novel single-trace side-channel attack on FALCON, a lattice-based post-quantum digital signature scheme recently selected for standardization by NIST. We target the discrete Gaussian sampling operation within the FALCON key generation scheme and need only a single power measurement trace to succeed. Notably, negating the result of the 'shift right by 63 bits' operation on 64-bit values leaks critical information about the '-1' vs. '0' assignments to intermediate coefficients. These leaks enable full recovery of the generated secret keys. The proposed attack is implemented on an ARM Cortex-M4 microcontroller running both the reference and the optimized software implementations from FALCON's NIST Round 3 package. Statistical analysis over 500k tests reveals a per-coefficient success rate of 99.9999999478% and a full-key-recovery success rate of 99.99994654% for FALCON-512. This work highlights the vulnerability of current software solutions to single-trace attacks and underscores the urgent need to develop single-trace-resilient software for embedded systems.
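The abstract describes the leak only in words: the sampler derives 0/1 flags with a 63-bit right shift and negates them into 0 / all-ones masks, and those masks are what a power trace distinguishes. The C model below is an added example written for this page, not code from the paper or from the FALCON package. It mirrors that structure with a constructed toy cumulative table (CDT, not FALCON's real table), a constructed xorshift64 generator in place of the keygen PRNG, and a noiseless Hamming-weight leakage model in which each negated 64-bit mask is observed as weight 0 or 64. The names sample_coeff, recover_coeff and count_recovery_failures are assumptions for illustration. The point it makes is why a single trace suffices here: the secret-dependent intermediates differ by the full register width, so the attacker does not need statistics across traces to tell them apart.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy cumulative table, NOT FALCON's gauss_1024_12289.
 * Entries are 63-bit thresholds in descending order. CDT[0] is the
 * "coefficient is zero" threshold; CDT[1..4] select the magnitude. */
#define TABLE_LEN 5
#define TRACE_LEN TABLE_LEN              /* one leakage sample per negated mask */
static const uint64_t CDT[TABLE_LEN] = {
    0x3000000000000000ULL,
    0x6000000000000000ULL,
    0x4000000000000000ULL,
    0x2000000000000000ULL,
    0x0800000000000000ULL,
};

/* Hamming-weight leakage model (assumption): the trace reveals the
 * Hamming weight of each 64-bit intermediate that the sampler negates. */
static int hw64(uint64_t x)
{
    int c = 0;
    while (x) { x &= x - 1; c++; }
    return c;
}

/* Sample one coefficient in the style described in the abstract: every
 * decision is a ">> 63" flag (0 or 1) that is negated into a 0 / all-ones
 * mask. hw[0] receives the leak of the negated sign flag, hw[k] (k >= 1)
 * the leak of the mask for table entry k. */
int64_t sample_coeff(uint64_t r0, uint64_t r1, int hw[TRACE_LEN])
{
    uint64_t neg, f, v, t, m, s;
    int k;

    neg = r0 >> 63;                      /* sign flag: 0 or 1 */
    r0 &= ~((uint64_t)1 << 63);
    f = (r0 - CDT[0]) >> 63;             /* 1 iff r0 < CDT[0]: coefficient is 0 */

    r1 &= ~((uint64_t)1 << 63);
    v = 0;
    for (k = 1; k < TABLE_LEN; k++) {
        t = ((r1 - CDT[k]) >> 63) ^ 1;   /* 1 iff r1 >= CDT[k] */
        m = (uint64_t)0 - (t & (f ^ 1)); /* all-ones only for the first match */
        hw[k] = hw64(m);                 /* observed as 0 or 64 */
        v |= (uint64_t)k & m;
        f |= t;
    }

    s = (uint64_t)0 - neg;               /* sign mask: 0 or all-ones */
    hw[0] = hw64(s);                     /* observed as 0 or 64 */
    return (int64_t)((v ^ s) + neg);     /* apply sign; zero stays zero */
}

/* Attacker side: rebuild the coefficient from the leaked weights alone.
 * Weight 64 marks the all-ones mask, weight 0 marks the zero mask. */
int64_t recover_coeff(const int hw[TRACE_LEN])
{
    int64_t v = 0;
    int k;
    for (k = 1; k < TABLE_LEN; k++)
        if (hw[k] == 64) v = k;
    return hw[0] == 64 ? -v : v;
}

/* Constructed xorshift64 generator standing in for the keygen PRNG. */
static uint64_t xorshift64(uint64_t *state)
{
    uint64_t x = *state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return *state = x;
}

/* Sample n coefficients and count how many the leak fails to recover. */
int count_recovery_failures(unsigned n)
{
    uint64_t st = 0x9E3779B97F4A7C15ULL;
    int hw[TRACE_LEN], failures = 0;
    unsigned i;
    for (i = 0; i < n; i++) {
        uint64_t r0 = xorshift64(&st), r1 = xorshift64(&st);
        int64_t c = sample_coeff(r0, r1, hw);
        if (recover_coeff(hw) != c) failures++;
    }
    return failures;
}

int main(void)
{
    int hw[TRACE_LEN], k;
    int64_t c = sample_coeff(0xD000000000000000ULL, 0x4800000000000000ULL, hw);
    printf("sampled %lld, leaked weights:", (long long)c);
    for (k = 0; k < TRACE_LEN; k++) printf(" %d", hw[k]);
    printf(" -> recovered %lld\n", (long long)recover_coeff(hw));
    printf("failures over 10000 coefficients: %d\n", count_recovery_failures(10000));
    return 0;
}
```

The model is noiseless, so recovery never fails; the paper's per-coefficient and full-key success rates quantify how close a real Cortex-M4 trace comes to this ideal. The same structure also shows what a countermeasure must change: as long as a 0/1 flag is widened into a 0/all-ones register value that depends on the secret, the leak is a 64-bit Hamming-distance event, which is the worst case for single-trace resistance.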

Note: Original upload, submitted for peer review in 2024

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Post quantum cryptography, FALCON, Side-channel attack
Contact author(s)
jqiu2 @ ncsu edu
aaysu @ ncsu edu
History
2025-01-31: revised
2025-01-30: received
Short URL
https://ia.cr/2025/146
License
Creative Commons Attribution-NonCommercial-NoDerivs
CC BY-NC-ND

BibTeX

@misc{cryptoeprint:2025/146,
      author = {Jinyi Qiu and Aydin Aysu},
      title = {{SHIFT} {SNARE}: Uncovering Secret Keys in {FALCON} via Single-Trace Analysis},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/146},
      year = {2025},
      url = {https://eprint.iacr.org/2025/146}
}