Exploiting Small-Norm Polynomial Multiplication with Physical Attacks: Application to CRYSTALS-Dilithium

2024-03-12 | Olivier Bronchain, Melissa Azouaoui, Mohamed ElGhamrawy, Joost Renes and Tobias Schneider
The paper presents a set of physical profiled attacks against CRYSTALS-Dilithium, a lattice-based cryptographic scheme, that accumulate noisy knowledge on secret keys over multiple signatures, ultimately leading to full key recovery. The methodology consists of two steps: first, observing or inserting a bias in the posterior distribution of sensitive variables; second, an information processing phase based on belief propagation that exploits this bias. The attacks rely on side-channel information, induced faults, or a combination of both.

The adversary benefits most from this previous knowledge when targeting released signatures, but the latter are not strictly necessary. The paper demonstrates that the combination of a physical attack with binary knowledge of acceptance or rejection of a signature also leads to exploitable information on the secret key. Additionally, the approach is effective against shuffled implementations of CRYSTALS-Dilithium. The contributions include a generic attack framework, physical attacks with accepted signatures, physical attacks without accepted signatures, and physical attacks with shuffled computation. The results show that the proposed attacks can recover the secret key with a relatively small number of traces or faults, depending on the noise level. The paper concludes by discussing the impact of these attacks on the attack surface and countermeasures for variables within CRYSTALS-Dilithium.
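The abstract's first step (a bias in the posterior distribution of a small-norm secret coefficient) and its remark that the number of traces depends on the noise level can be made concrete with a constructed Bayesian toy model. The following example is added here and is not code from the paper or its authors. It assumes a deliberately simple leakage model in which every observation of a coefficient is the coefficient itself plus Gaussian noise of standard deviation `sigma`, a uniform prior over [-η, η] with η = 2 (the bound used by the Dilithium2 parameter set), and it leaves out the belief-propagation stage over the polynomial multiplication entirely. The functions `observations_needed`, `recovery_rate` and `noise_needed_for_budget` are hypothetical names chosen for this illustration. Its defensive use is to estimate how far a countermeasure has to push the effective noise level before per-coefficient posteriors stop converging within a given observation budget.

```python
"""Toy model of accumulating noisy per-coefficient knowledge across observations.

Constructed illustration, not the paper's code. Each secret coefficient is a
small integer in [-ETA, ETA]; one physical observation is modelled as the
coefficient plus Gaussian noise. A defender can use the same model to see how
quickly a posterior concentrates at a given noise level, i.e. how much a
countermeasure must degrade the signal before a coefficient stops leaking.
"""
import math
import random

ETA = 2  # small-norm bound; 2 is the value of the Dilithium2 parameter set


def prior(eta=ETA):
    """Uniform prior over the 2*eta+1 admissible coefficient values."""
    return {v: 1.0 / (2 * eta + 1) for v in range(-eta, eta + 1)}


def update_posterior(posterior, observation, sigma):
    """One Bayesian update: weight each hypothesis by the Gaussian likelihood of
    the observation under that hypothesis, then renormalise."""
    unnorm = {v: p * math.exp(-((observation - v) ** 2) / (2.0 * sigma * sigma))
              for v, p in posterior.items()}
    total = sum(unnorm.values())
    return {v: p / total for v, p in unnorm.items()}


def observations_needed(true_value, sigma, confidence=0.99, seed=0, max_obs=100000):
    """Number of noisy observations (constructed with a seeded RNG) until the
    posterior mass on `true_value` reaches `confidence`; None if `max_obs`
    observations are not enough."""
    rng = random.Random(seed)
    post = prior()
    for n in range(1, max_obs + 1):
        obs = true_value + rng.gauss(0.0, sigma)
        post = update_posterior(post, obs, sigma)
        if post[true_value] >= confidence:
            return n
    return None


def recovery_rate(n_coeffs, sigma, n_obs, seed=0):
    """Fraction of a constructed vector of n_coeffs secret coefficients whose
    maximum-a-posteriori guess is correct after n_obs observations each."""
    rng = random.Random(seed)
    secrets = [rng.randint(-ETA, ETA) for _ in range(n_coeffs)]
    posts = [prior() for _ in secrets]
    for _ in range(n_obs):
        for i, s in enumerate(secrets):
            posts[i] = update_posterior(posts[i], s + rng.gauss(0.0, sigma), sigma)
    correct = sum(max(p, key=p.get) == s for p, s in zip(posts, secrets))
    return correct / n_coeffs


def noise_needed_for_budget(budget, true_value=1, seed=0,
                            sigmas=(0.25, 0.5, 1.0, 2.0, 4.0, 8.0)):
    """Smallest sigma in the grid at which `budget` observations no longer reach
    99% confidence on one coefficient; None if the grid never defeats the budget.
    This is the countermeasure-sizing question a defender asks of this model."""
    for s in sigmas:
        if observations_needed(true_value, s, seed=seed, max_obs=budget) is None:
            return s
    return None


if __name__ == "__main__":
    for sigma in (0.25, 0.5, 1.0, 2.0):
        n = observations_needed(1, sigma)
        rate = recovery_rate(256, sigma, n_obs=5)
        print(f"sigma={sigma:4.2f}  obs to 99% on one coeff={n:5d}  "
              f"MAP recovery rate after 5 obs={rate:.3f}")
    print("noise level defeating a budget of 100 observations:",
          noise_needed_for_budget(100))
```

The model is intentionally crude: real leakage is not a clean Gaussian around the coefficient value, and the paper's attacks additionally propagate information through the polynomial multiplication. What the toy does show is the qualitative dependence the abstract states, namely that the required number of observations grows quickly with the noise level, which is the quantity a masking or noise-injection countermeasure is trying to raise.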