| Author | Ulitzsch, Vincent Quentin; Marzougui, Soundes; Tibouchi, Mehdi; Seifert, Jean Pierre |
|---|---|
| Date | 2024 |
| Type | Conference Paper |
| Abstract | We present an end-to-end (equivalent) key recovery attack on the Dilithium lattice-based signature scheme, one of the winners of the NIST post-quantum cryptography competition. The attack is based on a small side-channel leakage we identified in a bit-unpacking procedure inside Dilithium signature generation. We then combine machine-learning-based profiling with various algorithmic techniques, including least squares regression and integer linear programming, in order to leverage this small leakage into essentially full key recovery: from a moderate number of side-channel traces, we recover enough information to sign arbitrary messages. We confirm the practicality of our technique using concrete experiments against the ARM Cortex-M4 implementation of Dilithium, and verify that our attack is robust to real-world conditions such as noisy power measurements. This attack appears difficult to protect against reliably without strong side-channel countermeasures such as masking of the entire signing algorithm, and underscores the necessity of implementing such countermeasures despite their known high cost. |
| Conference | 29th International Conference on Selected Areas in Cryptography, SAC 2022 |
| ISBN | 9783031584107 |
| ISSN | 03029743 |
| URL | https://publica.fraunhofer.de/handle/publica/510473 |