Single-Trace Attack on NIST Round 3 Candidate Dilithium Using Machine Learning-Based Profiling

Han, Jaeseung; Lee, Tae‐Ho; Kwon, Jihoon; Lee, Joohee; Kim, Il-Ju; Cho, Ji-Hoon; Han, Dong‐Guk; Sim, Bo-Yeon

doi:10.1109/access.2021.3135600

Cited by 8 publications

(3 citation statements)

References 16 publications

(20 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Primas et al (2017) proposed a generic method targeting NTT operations that requires establishing templates for all possible multiplications in butterfly operations, which is costly. Han et al (2021) employed a machine learning-based method to attack NTT operations, recovering keys using 60,000 power traces. Berzati et al (2023) reconstructed a given coefficient in a predicted vector to determine if it is zero, thus recovering the private key using linear algebra methods, with 700,000 power traces.…”

Section: Related Workmentioning

confidence: 99%

In-depth Correlation Power Analysis Attacks on a Hardware Implementation of CRYSTALS-Dilithium

Wang,

Gao,

Liu

et al. 2024

Cybersecurity

View full text Add to dashboard Cite

During the standardisation process of post-quantum cryptography, NIST encourages research on side-channel analysis for candidate schemes. As the recommended lattice signature scheme, CRYSTALS-Dilithium, when implemented on hardware, has seen limited research on side-channel analysis, and current attacks are incomplete or requires a substantial quantity of traces. Therefore, we conducted a more complete analysis to investigate the leakage of an FPGA implementation of CRYSTALS-Dilithium using the Correlation Power Analysis (CPA) method, where with a minimum of 70,000 traces partial private key coefficients can be recovered. Furthermore, we optimise the attack by extracting Point-of-Interests using known information due to parallelism (named CPA-PoI) and by iteratively utilising parallel leakages (named CPA-ITR). Our experimental results show that CPA-PoI reduces the number of traces by up to 16.67%, CPA-ITR by up to 25%, and both increase the number of recovered key coefficients by up to 55.17% and 93.10% using the same number of traces. They outperfom the CPA method. As a result, it suggests that the FPGA implementation of CRYSTALS-Dilithium is more vulnerable than thought before to side-channel analysis.

show abstract

Section: Related Workmentioning

confidence: 99%

In-depth Correlation Power Analysis Attacks on a Hardware Implementation of CRYSTALS-Dilithium

Wang,

Gao,

Liu

et al. 2024

Cybersecurity

View full text Add to dashboard Cite

show abstract

“…Han et al [162] targeted the NTT instance over s 1 using a simple template attack, which could recover the complete secret polynomial s 1 in a single trace. They showed that an attacker can target leakage from the product of the secret coe cients with the twiddle factors in the first round of the NTT (i.e.)…”

Section: Simple Template Attacksmentioning

confidence: 99%

“…Moreover, the attack is aided by the fact that there are only 5 possible candidates for coe cients of the secret s 1 . Han et al [162] targeted the reference implementation of Dilithium through the power side-channel on the ARM Cortex-M4 microcontroller to recover the entire secret s 1 in a single trace. We refer to this attack as the Simple_NTT_Template attack.…”

Section: Simple Template Attacksmentioning

confidence: 99%

Implementation attacks on post-quantum lattice-based cryptography

Ravi¹

View full text Add to dashboard Cite

His valuable insights has allowed me to grow both professionally as well as in my personal life. I would like to take this opportunity and thank him for the constant motivation and guidance, and the wonderful PhD journey! I would also like to express my sincere and heartfelt gratitude towards my co-supervisor Dr. Shivam Bhasin, Technological University, Singapore, who has been a pillar of support and more than just a supervisor throughout my entire PhD journey. I am eternally grateful to both of you, for having trusted me and providing me this opportunity to pursue my PhD with the fullest support, guidance and at the same time, with so much freedom.I would also like to specially thank Dr. Sujoy Sinha Roy, IAIK, TU Graz, Austria for all the guidance you have provided me throughout my PhD journey. My sincere thanks to the members of Thesis Advisory Committee for always providing me valuable suggestions. I would also like to thank all the co-authors of all the publications listed in this thesis, for their valuable contribution.And of course, I would like to thank my family (Amma, Appa, Aunty, Uncle) and especially my wife Shenbaga for being there for me. A special word of gratitude to my friends, Dhivya, Rachel, Salow and Bala for their support. P.S. Thank you GVM... Prasanna Ravi, May 2023 xi "In a way, these things are like gold nuggets that God left in the forest. If I'm walking along in the forest and I stubbed my toe on it, who's to say I deserve credit for

show abstract

Seesaw: A 4096-bit vector processor for accelerating Kyber based on RISC-V ISA extensions

Zou,

Peng,

et al. 2025

Parallel Computing

View full text Add to dashboard Cite

Single-Trace Attack on NIST Round 3 Candidate Dilithium Using Machine Learning-Based Profiling

Cited by 8 publications

References 16 publications

In-depth Correlation Power Analysis Attacks on a Hardware Implementation of CRYSTALS-Dilithium

In-depth Correlation Power Analysis Attacks on a Hardware Implementation of CRYSTALS-Dilithium

Implementation attacks on post-quantum lattice-based cryptography

Seesaw: A 4096-bit vector processor for accelerating Kyber based on RISC-V ISA extensions

Contact Info

Product

Resources

About