Paper 2026/056

Rejection Matters: Efficient Non-Profiling Side-Channel Attack on ML-DSA via Exploiting Public Templates

Yuhan Zhao, School of Cyber Science and Engineering, Nanjing University of Science and Technology, China
Wei Cheng, School of Cyber Science and Engineering, Nanjing University of Science and Technology, China, LTCI, Télécom Paris, Institut Polytechnique de Paris, France
Zehua Qiao, Institute of Information Engineering, Chinese Academy of Sciences, China
Yuejun Liu, School of Cyber Science and Engineering, Nanjing University of Science and Technology, China
Yongbin Zhou, School of Cyber Science and Engineering, Nanjing University of Science and Technology, China, Institute of Information Engineering, Chinese Academy of Sciences, China
Abstract

ML-DSA (formerly CRYSTALS-Dilithium), NIST’s primary post-quantum signature standard, is increasingly deployed along with the post-quantum transitions. Yet when the implementations of ML-DSA are deployed in practice, their physical security remains underexplored. In this work, we reveal a new attack surface against ML-DSA by exploiting the leakages from both rejected signing trials and the final accepted signing trial. We present, to the best of our knowledge, the first side-channel attack that simultaneously leverages leakage from both trials without relying on clone devices. Unlike traditional Secret-based Template Attacks, which require profiling the leakage of the sensitive intermediates on a clone device, our PTA (Public-based Template Attack) builds leakage templates solely from publicly available data on the target device itself. With challenge $c$ known, we then perform CPA on the sensitive intermediates using traces from both rejected and accepted signing trials, quadrupling (on average) exploitable leakage per signing request for ML-DSA-44. The experimental results on power traces from an ARM Cortex-M4 board show that challenges $c$ are fully recovered with only {96 traces}, and then the key recovery succeeds in around 300 traces — a fact of 10x fewer than prior art. We highlight that our attack can be applied across all three ML-DSA variants with different security levels. Moreover, our attack works straightforwardly in the hedged (non-deterministic) mode of ML-DSA, demonstrating that the hedging offers no SCA protection in this scenario.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Minor revision. IEEE DATE 2026
Keywords
Side-Channel AnalysisCRYSTALS-DilithiumDeep Learning-based AttackCorrelation Power Analysis.
Contact author(s)
yhzhao96 @ njust edu cn
wei cheng @ njust edu cn
liuyuejun @ njust edu cn
History
2026-01-16: revised
2026-01-14: received
See all versions
Short URL
https://ia.cr/2026/056
License
Creative Commons Attribution-NonCommercial
CC BY-NC

BibTeX

@misc{cryptoeprint:2026/056,
      author = {Yuhan Zhao and Wei Cheng and Zehua Qiao and Yuejun Liu and Yongbin Zhou},
      title = {Rejection Matters: Efficient Non-Profiling Side-Channel Attack on {ML}-{DSA} via Exploiting Public Templates},
      howpublished = {Cryptology {ePrint} Archive, Paper 2026/056},
      year = {2026},
      url = {https://eprint.iacr.org/2026/056}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.