Breaking and Protecting the Crystal: Side-Channel Analysis of Dilithium in Hardware

Das Paper „Breaking and Protecting the Crystal: Side-Channel Analysis of Dilithium in Hardware“ von Hauke Steffen, Georg Land, Lucie Kogelheide und Tim Güneysu wurde für die PQCrypto’23 akzeptiert.


The lattice-based CRYSTALS-Dilithium signature scheme has been selected for standardization by the NIST. As part of the selection process, a large number of implementations for platforms like x86, ARM Cortex-M4, or – on the hardware side – Xilinx Artix-7 have been presented and discussed by experts. While software implementations have been subject to side-channel analysis with several attacks being published, an analysis of Dilithium hardware implementations and their peculiarities has not taken place.
With this work, we aim to fill this gap, presenting an analysis of vulnerable operations and practically showing a successful profiled Simple Power Analysis (SPA) and a Correlation Power Analysis (CPA) on a recent hardware implementation by Beckwith et al. Our SPA attack requires 700 000 profiling traces and targets the first Number-Theoretic Transform (NTT) stage. After finishing profiling, we can identify pairs of coefficients with 1 101 traces. The full CPA attack finds secret coefficients with as low as 66 000 traces. In response, we present specific countermeasures and show that they effectively prevent both attacks.