[Resource Topic] 2024/512: Single Trace is All It Takes: Efficient Side-channel Attack on Dilithium

Welcome to the resource topic for 2024/512

Single Trace is All It Takes: Efficient Side-channel Attack on Dilithium

Authors: Zehua Qiao, Yuejun Liu, Yongbin Zhou, Yuhan Zhao, Shuyi Chen

As the National Institute of Standards and Technology (NIST) concludes its post-quantum cryptography (PQC) competition, the winning algorithm, Dilithium, enters the deployment phase in 2024. This phase underscores the importance of conducting thorough practical security evaluations. Our study offers an in-depth side-channel analysis of Dilithium, showcasing the ability to recover the complete private key, s_1, within ten minutes using just two signatures and achieving a 60% success rate with a single signature. We focus on analyzing the polynomial addition in Dilithium, z = y + cs_1, by breaking down the attack into two main phases: the recovery of y and cs_1 through side-channel attacks, followed by the resolution of a system of error-prone equations related to cs_1. Employing Linear Regression-based profiled attacks enables the successful recovery of the full y value with a 40% success rate without the necessity for initial filtering. The extraction of cs_1 is further improved using a CNN model, which boasts an average success rate of 75%. A significant innovation of our research is the development of a constrained optimization-based residual analysis technique. This method efficiently recovers s_1 from a large set of error-containing equations concerning cs_1, proving effective even when only 10% of the equations are accurate. We conduct a practical attack on the Dilithium2 implementation on an STM32F4 platform, demonstrating that typically two signatures are sufficient for complete private key recovery, with a single signature sufficing in optimal conditions. Using a general-purpose PC, the full private key can be reconstructed in ten minutes.

ePrint: https://eprint.iacr.org/2024/512

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.