Paper 2024/2046

Decompressing Dilithium's Public Key with Fewer Signatures Using Side Channel Analysis

Ruize Wang, KTH Royal Institute of Technology
Joel Gärtner, KTH Royal Institute of Technology
Elena Dubrova, KTH Royal Institute of Technology
Abstract

The CRYSTALS-Dilithium digital signature scheme, selected by NIST as a post-quantum cryptography (PQC) standard under the name ML-DSA, employs a public key compression technique intended for performance optimization. Specifically, the module learning with errors instance $({\bf A}, {\bf t})$ is compressed by omitting the low-order bits ${\bf t_0}$ of the vector ${\bf t}$. It was recently shown that knowledge of ${\bf t_0}$ enables more effective side-channel attacks on Dilithium implementations. Another recent work demonstrated a method for reconstructing ${\bf t_0}$ from multiple signatures. In this paper, we build on this method by applying profiled deep learning-assisted side-channel analysis to partially recover the least significant bit of ${\bf t_0}$ from power traces. As a result, the number of signatures required for the reconstruction of ${\bf t_0}$ can be reduced by roughly half. We demonstrate how the new ${\bf t_0}$ reconstruction method enhances the efficiency of recovering the secret key component ${\bf s}_1$, and thus facilitates digital signature forgery, on an ARM Cortex-M4 implementation of Dilithium.
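The compression the abstract refers to is Dilithium's Power2Round decomposition: each coefficient of ${\bf t}$ is split into high bits ${\bf t_1}$ (published) and low bits ${\bf t_0}$ (dropped from the public key). The following Python is an added illustration, not code from the paper or from the Dilithium reference implementation; it uses the standard parameters $q = 8380417$ and $d = 13$, applies the decomposition to a small constructed coefficient vector, checks the reconstruction invariant, and counts how many values of a ${\bf t_0}$ coefficient remain possible with and without knowledge of its least significant bit, which is the quantity the paper's side-channel step targets. The helper names (`power2round`, `compress_t`, `count_t0_candidates`) are this example's own.

```python
from typing import List, Tuple

Q = 8380417  # Dilithium / ML-DSA modulus q = 2^23 - 2^13 + 1
D = 13       # number of low-order bits dropped from each coefficient of t


def power2round(r: int, d: int = D) -> Tuple[int, int]:
    """Split r (mod q) into (r1, r0) with r = r1 * 2^d + r0 and
    -2^(d-1) < r0 <= 2^(d-1), matching the rounding used by Dilithium."""
    r = r % Q
    r1 = (r + (1 << (d - 1)) - 1) >> d   # round to nearest multiple of 2^d
    r0 = r - (r1 << d)                   # centred remainder
    return r1, r0


def compress_t(t: List[int], d: int = D) -> Tuple[List[int], List[int]]:
    """Coefficient-wise Power2Round: returns (t1, t0).  Only t1 is in the
    public key; t0 is what the paper reconstructs."""
    t1, t0 = [], []
    for c in t:
        hi, lo = power2round(c, d)
        t1.append(hi)
        t0.append(lo)
    return t1, t0


def decompress_t(t1: List[int], t0: List[int], d: int = D) -> List[int]:
    """Inverse of compress_t: t = t1 * 2^d + t0 (mod q)."""
    return [((hi << d) + lo) % Q for hi, lo in zip(t1, t0)]


def count_t0_candidates(lsb: int = None, d: int = D) -> int:
    """Number of values a single t0 coefficient can take.  With no extra
    knowledge every value in (-2^(d-1), 2^(d-1)] is possible; knowing the
    least significant bit rules out every other value."""
    lo, hi = -(1 << (d - 1)) + 1, (1 << (d - 1))
    return sum(1 for x in range(lo, hi + 1) if lsb is None or (x & 1) == lsb)


# Constructed sample coefficients (not from any real key): they cover 0, the
# rounding boundary 2^(d-1), one past it, and q-1.
SAMPLE_T = [0, 1 << (D - 1), (1 << (D - 1)) + 1, 123456, Q - 1]

if __name__ == "__main__":
    t1, t0 = compress_t(SAMPLE_T)
    print("t1 =", t1)
    print("t0 =", t0)
    print("round-trip ok:", decompress_t(t1, t0) == SAMPLE_T)
    print("t0 candidates per coefficient:", count_t0_candidates(),
          "-> with LSB known:", count_t0_candidates(lsb=0))
```

Running it shows that ${\bf t_1}$ fits in 10 bits while each ${\bf t_0}$ coefficient ranges over 8192 values, and that fixing the least significant bit halves that set, which is the source of the roughly two-fold reduction in required signatures the abstract reports.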

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
public-key cryptography, post-quantum cryptography, Dilithium, ML-DSA, side-channel attack
Contact author(s)
ruize @ kth se
jgartner @ kth se
dubrova @ kth se
History
2024-12-19: approved
2024-12-18: received
Short URL
https://ia.cr/2024/2046
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/2046,
      author = {Ruize Wang and Joel Gärtner and Elena Dubrova},
      title = {Decompressing Dilithium's Public Key with Fewer Signatures Using Side Channel Analysis},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/2046},
      year = {2024},
      url = {https://eprint.iacr.org/2024/2046}
}