Paper 2024/2046
Decompressing Dilithium's Public Key with Fewer Signatures Using Side Channel Analysis
Abstract
The CRYSTALS-Dilithium digital signature scheme, selected by NIST as a post-quantum cryptography (PQC) standard under the name ML-DSA, employs a public key compression technique intended for performance optimization. Specifically, the module learning with errors instance $({\bf A}, {\bf t})$ is compressed by omitting the low-order bits ${\bf t_0}$ of the vector ${\bf t}$. It was recently shown that knowledge of ${\bf t_0}$ enables more effective side-channel attacks on Dilithium implementations. Another recent work demonstrated a method for reconstructing ${\bf t_0}$ from multiple signatures. In this paper, we build on this method by applying profiled deep learning-assisted side-channel analysis to partially recover the least significant bit of ${\bf t_0}$ from power traces. As a result, the number of signatures required for the reconstruction of ${\bf t_0}$ can be reduced by roughly half. We demonstrate how the new ${\bf t_0}$ reconstruction method enhances the efficiency of recovering the secret key component ${\bf s}_1$, and thus facilitates digital signature forgery, on an ARM Cortex-M4 implementation of Dilithium.
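As an added illustration (not code from the paper), the Power2Round public-key compression the abstract refers to, using ML-DSA's modulus q and d = 13 dropped bits; it also shows that the least significant bit of each ${\bf t_0}$ coefficient equals that of the corresponding ${\bf t}$ coefficient, so a party holding only ${\bf t_1}$ faces 2^13 candidates per coefficient, and 2^12 once that bit is known.

```python
# Added example: Dilithium/ML-DSA public key compression via Power2Round.
# Q and D are the standard ML-DSA parameters; the vector below is constructed.
Q = 8380417          # q = 2^23 - 2^13 + 1
D = 13               # number of low-order bits dropped from t

def power2round(r: int) -> tuple[int, int]:
    """Split r (mod q) into (r1, r0) with r = r1 * 2^D + r0 as integers,
    where r0 is the centered residue in (-2^(D-1), 2^(D-1)]."""
    r = r % Q
    r0 = r % (1 << D)
    if r0 > (1 << (D - 1)):      # move r0 into the centered range
        r0 -= 1 << D
    r1 = (r - r0) >> D           # exact: r - r0 is a multiple of 2^D
    return r1, r0

def compress_t(t: list[int]) -> tuple[list[int], list[int]]:
    """Return (t1, t0); the public key ships only t1, t0 is dropped."""
    pairs = [power2round(c) for c in t]
    return [p[0] for p in pairs], [p[1] for p in pairs]

def decompress_t(t1: list[int], t0: list[int]) -> list[int]:
    """Rebuild t once both halves are known."""
    return [(a * (1 << D) + b) % Q for a, b in zip(t1, t0)]

def lsb_t0_equals_lsb_t(t: list[int]) -> bool:
    """Because t = t1 * 2^D + t0 over the integers, t0 mod 2 == t mod 2."""
    _, t0 = compress_t(t)
    return all((c % Q) & 1 == (r0 & 1) for c, r0 in zip(t, t0))

def t0_candidates(lsb_known: bool) -> int:
    """Values one t0 coefficient can take given only t1, or t1 plus its LSB."""
    return (1 << D) // (2 if lsb_known else 1)

if __name__ == "__main__":
    sample_t = [0, 4096, 8191, Q - 1, 123456]   # constructed coefficients
    t1, t0 = compress_t(sample_t)
    print("t1:", t1)
    print("t0:", t0)
    print("roundtrip ok:", decompress_t(t1, t0) == sample_t)
    print("candidates per coefficient:", t0_candidates(False), t0_candidates(True))
```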
Metadata
- Available format(s)
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- public-key cryptography, post-quantum cryptography, Dilithium, ML-DSA, side-channel attack
- Contact author(s)
- ruize @ kth se, jgartner @ kth se, dubrova @ kth se
- History
- 2024-12-19: approved
- 2024-12-18: received
- Short URL
- https://ia.cr/2024/2046
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/2046,
  author = {Ruize Wang and Joel Gärtner and Elena Dubrova},
  title = {Decompressing Dilithium's Public Key with Fewer Signatures Using Side Channel Analysis},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/2046},
  year = {2024},
  url = {https://eprint.iacr.org/2024/2046}
}