[Resource Topic] 2022/1410: Breaking and Protecting the Crystal: Side-Channel Analysis of Dilithium in Hardware

Welcome to the resource topic for 2022/1410

Breaking and Protecting the Crystal: Side-Channel Analysis of Dilithium in Hardware

Authors: Hauke Steffen, Georg Land, Lucie Kogelheide, Tim Güneysu


The lattice-based CRYSTALS-Dilithium signature scheme has been selected for standardization by the NIST. As part of the selection process, a large number of implementations for platforms like x86, ARM Cortex-M4, or - on the hardware side - Xilinx Artix-7 have been presented and discussed by experts. Moreover, the software implementations have been subject to side-channel analysis with several attacks being published.
Until now, however, an analysis of Dilithium hardware implementations and their peculiarities has not taken place. With this work, we aim to fill this gap, presenting an analysis of vulnerable operations and practically showing a successful profiled SPA and a CPA on a recent hardware implementation by Beckwith et al. Our SPA attack requires 700000 profiling traces and targets the first NTT stage. After profiling, we can find pairs of coefficients with 1101 traces. The CPA attack finds secret coefficients with as low as 66000 traces. Our attack emphasizes that noise-generation in hardware is not sufficient as a mitigation measure for SCA. As a consequence, we present countermeasures and show that they effectively prevent both attacks.

ePrint: https://eprint.iacr.org/2022/1410

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.