Physical Side-Channel and Fault-Injection Attacks on Dilithium: A Small Bit-Fiddling Leak Breaks It All

Vincent Ulitzsch

Video

Abstract:

The talk presents two physical end-to-end (equivalent) physical key recovery attacks on the Dilithium lattice-based signature scheme, one of the winners of the NIST postquantum cryptography competition. Both attacks exploit a small side-channel leakage we identified in a bit unpacking procedure inside Dilithium signature generation and proceed in two steps. First, we use either machine-learning based profiling power side-channel attacks or fault-injection attacks to cause an information leak. Second, with various algorithmic techniques, including least squares regression and integer linear programming, we leverage this small leakage into essentially full key recovery: we manage to recover, from a moderate number of side-channel traces or faulted signatures, enough information to sign arbitrary messages. We confirm the practicality of our technique using concrete experiments against the ARM Cortext-M4 implementation of Dilithium, and verify that our attack is robust to real-world conditions such as noisy power measurements. This attack appears difficult to protect against reliably without strong side-channel countermeasures such as masking of the entire signing algorithm, and underscores the necessity of implementing such countermeasures despite their known high cost.

Bio:

Vincent is a Phd Student at the Security in Telecommunications Department of Technical University Berlin. Prior to his Phd, he worked as a security researcher at Security Research Labs, a Berlin based security consultancy. His interests cover a wide range of IT-Security fields, especially systems- and telecommunication security, and applied cryptography. Always eager to learn about IT-Security from institutions from all over the world, he conducted various research visits, most recently by conducting system security research at the Massachusetts Institute of Technology as a visiting researcher to Mengjia Yan’s group, working on micro-architectural security.

Time and Place

Monday, May 29, 2:00pm
Gates 259 & Zoom