International Association for Cryptologic Research

Exploiting Small-Norm Polynomial Multiplication with Physical Attacks: Application to CRYSTALS-Dilithium

Olivier Bronchain, NXP Semiconductors, Eindhoven, Netherlands
Melissa Azouaoui, NXP Semiconductors, Eindhoven, Netherlands
Mohamed ElGhamrawy, NXP Semiconductors, Eindhoven, Netherlands
Joost Renes, NXP Semiconductors, Eindhoven, Netherlands
Tobias Schneider, NXP Semiconductors, Eindhoven, Netherlands
DOI: 10.46586/tches.v2024.i2.359-383
Abstract: We present a set of physical profiled attacks against CRYSTALS-Dilithium that accumulate noisy knowledge on secret keys over multiple signatures, finally leading to a full key recovery attack. The methodology is composed of two steps. The first step consists of observing or inserting a bias in the posterior distribution of sensitive variables. The second step is an information processing phase which is based on belief propagation and effectively exploits that bias. The proposed concrete attacks rely on side-channel information, induced faults, or possibly a combination of the two. Interestingly, the adversary benefits most from this prior knowledge when targeting the released signatures; however, the latter are not strictly necessary. We show that the combination of a physical attack with the binary knowledge of acceptance or rejection of a signature also leads to exploitable information on the secret key. Finally, we demonstrate that this approach is also effective against shuffled implementations of CRYSTALS-Dilithium.
@article{CITEKEY_PLACEHOLDER,
  title={Exploiting Small-Norm Polynomial Multiplication with Physical Attacks: Application to CRYSTALS-Dilithium},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2024 No. 2},
  author={Olivier Bronchain and Melissa Azouaoui and Mohamed ElGhamrawy and Joost Renes and Tobias Schneider},
  doi={10.46586/tches.v2024.i2.359-383}
}