Masking Dilithium: Efficient Implementation and Side-Channel Evaluation

Although security against side-channel attacks is not an explicit design criterion of the NIST postquantum standardization effort, it is certainly a major concern for schemes that are meant for real-world deployment. In view of the numerous physical attacks that have been proposed against postquantum schemes in recent literature, it is in particular very important to evaluate the cost and effectiveness of side-channel countermeasures in that setting. For lattice-based signatures, this work was initiated by Barthe et al., who showed at EUROCRYPT 2018 how to apply arbitrary order masking to the GLP signature scheme presented at CHES 2012 by Güneysu, Lyubashevsky and Pöppelman. However, although Barthe et al.’s paper provides detailed proofs of security in the probing model of Ishai, Sahai and Wagner, it does not include practical side-channel evaluations, and its proof-of-concept implementation has limited efficiency. Moreover, the GLP scheme has historical significance but is not a NIST candidate, nor is it being considered for concrete deployment. In this paper, we look instead at Dilithium, one of the most promising NIST candidates for postquantum signatures. This scheme, presented at CHES 2018 by Ducas et al. and based on module lattices, can be seen as an updated variant of both GLP and its more efficient sibling BLISS; it comes, in particular, with a careful implementation that is both efficient and constant-time. Our analysis of Dilithium from a side-channel perspective is threefold. We first evaluate the side-channel resistance of an ARM Cortex M3 implementation of Dilithium without masking, and identify exploitable sidechannel leakage. We then describe how to securely mask the scheme, and verify that the masked implementation no longer leaks. Finally, we show how a simple tweak to Dilithium (namely, replacing the prime modulus by a power of two) makes it possible to obtain a considerably more efficient masked scheme, by a factor of 7.3 to 9 for the most time-consuming masking operations, without affecting security.

[1]  Damien Stehlé,et al.  CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[2]  Mehdi Tibouchi,et al.  Masking the GLP Lattice-Based Signature Scheme at Any Order , 2018, EUROCRYPT.

[3]  Emmanuel Prouff,et al.  Masking against Side-Channel Attacks: A Formal Security Proof , 2013, EUROCRYPT.

[4]  Frederik Vercauteren,et al.  Saber: Module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM , 2018, IACR Cryptol. ePrint Arch..

[5]  Damien Stehlé,et al.  CRYSTALS - Dilithium: Digital Signatures from Module Lattices , 2017, IACR Cryptol. ePrint Arch..

[6]  Damien Stehlé,et al.  Worst-case to average-case reductions for module lattices , 2014, Designs, Codes and Cryptography.

[7]  Yuval Ishai,et al.  Private Circuits: Securing Hardware against Probing Attacks , 2003, CRYPTO.

[8]  Tanja Lange,et al.  Flush, Gauss, and reload : a cache attack on the BLISS lattice-based signature scheme , 2016 .

[9]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[10]  Mehdi Tibouchi,et al.  Loop-Abort Faults on Lattice-Based Fiat-Shamir and Hash-and-Sign Signatures , 2016, SAC.

[11]  Mehdi Tibouchi,et al.  Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing against strongSwan and Electromagnetic Emanations in Microcontrollers , 2017, CCS.

[12]  Kenneth G. Paterson,et al.  Cold Boot Attacks on Ring and Module LWE Keys Under the NTT , 2018, IACR Cryptol. ePrint Arch..

[13]  Pankaj Rohatgi,et al.  Towards Sound Approaches to Counteract Power-Analysis Attacks , 1999, CRYPTO.

[14]  Tancrède Lepoint,et al.  CRYSTALS-Dilithium Algorithm Specifications and Supporting Documentation , 2017 .

[15]  Yuval Yarom,et al.  To BLISS-B or not to be: Attacking strongSwan's Implementation of Post-Quantum Signatures , 2017, IACR Cryptol. ePrint Arch..

[16]  Juliane Krämer,et al.  Lattice-Based Signature Schemes and Their Sensitivity to Fault Attacks , 2016, 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[17]  Johann Großschädl,et al.  Micro-Architectural Power Simulator for Leakage Assessment of Cryptographic Software on ARM Cortex-M3 Processors , 2018, IACR Cryptol. ePrint Arch..