IEEE Access (Jan 2021)
Single-Trace Attack on NIST Round 3 Candidate Dilithium Using Machine Learning-Based Profiling
Abstract
In this paper, we propose single-trace side-channel attacks against $\mathsf{CRYSTALS{-}DILITHIUM}$. $\mathsf{CRYSTALS{-}DILITHIUM}$ is a lattice-based digital signature algorithm and one of the third-round finalists of the National Institute of Standards and Technology (NIST) standardization project. We attack the number-theoretic transform (NTT) in the signing procedure and in the key generation of $\mathsf{CRYSTALS{-}DILITHIUM}$ to obtain a secret key. When targeting the signing procedure, we can recover both secret key vectors $s_{1}$ and $s_{2}$, which enables forgery of signatures. However, only the secret key vector $s_{1}$ can be recovered when targeting the key generation. Thus, we additionally attack four operations, namely sampling, addition, rounding, and packing, to find $s_{2}$. We applied a machine learning-based profiling attack method to find the secret key vectors $s_{1}$ and $s_{2}$ with a single trace.
Keywords