Paper 2022/106
Profiling Side-Channel Attacks on Dilithium: A Small Bit-Fiddling Leak Breaks It All
Soundes Marzougui, Vincent Ulitzsch, Mehdi Tibouchi, and Jean-Pierre Seifert
Abstract
We present an end-to-end (equivalent) key recovery attack on the Dilithium lattice-based signature scheme, one of the top contenders in the NIST postquantum cryptography competition. The attack is based on a small side-channel leakage we identified in a bit unpacking procedure inside Dilithium signature generation. We then combine machine-learning based profiling with various algorithmic techniques, including least squares regression and integer linear programming, in order to leverage this small leakage into essentially full key recovery: we manage to recover, from a moderate number of side-channel traces, enough information to sign arbitrary messages. We confirm the practicality of our technique using concrete experiments against the ARM Cortext-M4 implementation of Dilithium, and verify that our attack is robust to real-world conditions such as noisy power measurements. This attack appears difficult to protect against reliably without strong side-channel countermeasures such as masking of the entire signing algorithm, and underscores the necessity of implementing such countermeasures despite their known high cost.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Contact author(s)
- marzougui soundes @ gmail com
- History
- 2022-02-09: last of 3 revisions
- 2022-01-31: received
- See all versions
- Short URL
- https://ia.cr/2022/106
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/106,
author = {Soundes Marzougui and Vincent Ulitzsch and Mehdi Tibouchi and Jean-Pierre Seifert},
title = {Profiling Side-Channel Attacks on Dilithium: A Small Bit-Fiddling Leak Breaks It All},
howpublished = {Cryptology ePrint Archive, Paper 2022/106},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/106}},
url = {https://eprint.iacr.org/2022/106}
}
