Signature Correction Attack on Dilithium Signature Scheme

  • Saad Islam, Koksal Mus, Richa Singh, Patrick Schaumont, Berk Sunar
  • Published 1 March 2022
  • Computer Science, Mathematics
  • 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P)
Motivated by the rise of quantum computers, existing public-key cryptosystems are expected to be replaced by post-quantum schemes in the next decade in billions of devices. To facilitate the transition, NIST is running a standardization process which is currently in its final Round. Only three digital signature schemes are left in the competition, among which Dilithium and Falcon are the ones based on lattices. Besides security and performance, significant attention has been given to resistance… 
Fiddling the Twiddle Constants - Fault Injection Analysis of the Number Theoretic Transform
This work presents the first fault injection analysis of the Number Theoretic Transform (NTT) and proposes novel existential forgery attacks targeting the deterministic and probabilistic signing procedures of Dilithium, followed by a novel verification bypass attack targeting its verification procedure.
Design and Evaluation of Bit-sliced Neural Network and Post-Quantum Implementations
This thesis investigates both these applications of the bit-slicing technique in two different domains: Neural Networks, by improving the performance of their most common operation, Matrix Multiplication, and Post-Quantum Lattice-based algorithms, by protecting their key operation, the Number-Theoretic Transform (NTT), using bit-sliced spatial redundancy against fault injection attacks.
An End-to-End Analysis of EMFI on Bit-sliced Post-Quantum Implementations
This is the first demonstration of a bitslice-redundant design of Dilithium that offers distributed fault detection throughout the execution of the algorithm, and the bit-sliced NTT design is able to catch the majority of potentially exploitable faults.


TRRespass: Exploiting the Many Sides of Target Row Refresh
The inner workings of TRR are demystified, which shows that what is advertised as a single mitigation mechanism is actually a series of different solutions coalesced under the umbrella term Target Row Refresh, and it is demonstrated that modern implementations operate entirely inside DRAM chips.
CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme
In this paper, we present the lattice-based signature scheme Dilithium, which is a component of the CRYSTALS (Cryptographic Suite for Algebraic Lattices) suite that was submitted to NIST’s call for
Grafting Trees: a Fault Attack against the SPHINCS framework
This work addresses the question of the resistance to implementation attacks of the schemes of the SPHINCS family, which are arguably the most practical stateless schemes, and can be implemented on embedded devices such as FPGAs or smart cards.
QuantumHammer: A Practical Hybrid Attack on the LUOV Signature Scheme
This work introduces a novel hybrid attack, QuantumHammer, and demonstrates the first successful in-the-wild attack on LUOV recovering all 11K key bits with less than 4 hours of an active Rowhammer attack.
Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers
An instruction sequence is developed that leverages microarchitectural side-effects to "hammer" DRAM at a near-optimal rate on modern Intel Skylake and Cascade Lake platforms and a DDR4 fault injector is designed that can reverse engineer row adjacency for any DDR4 DIMM.
Exploiting Determinism in Lattice-based Signatures: Practical Fault Attacks on pqm4 Implementations of NIST Candidates
This paper extends the practicality of skip-addition fault attacks through exploitation of determinism in Dilithium and qTESLA signature schemes, which are two leading candidates for the NIST standardization of post-quantum cryptography.
Number "Not Used" Once - Practical Fault Attack on pqm4 Implementations of NIST Candidates
This paper proposes the first practical fault attack on lattice-based Key encapsulation schemes secure in the CCA model and performs experimental validation of the attack using Electromagnetic fault injection on reference implementations of the aforementioned schemes taken from the pqm4 library.
Differential Fault Attacks on Deterministic Lattice Signatures
It is demonstrated that single random faults can result in a nonce-reuse scenario which allows key recovery, and the applicability of differential fault attacks to lattice-based cryptography is extended.
One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation
Novel techniques are developed to determine the physical address mapping in DRAM modules at runtime (to improve the effectiveness of double-sided row hammer attacks), along with methods to exhaustively hammer a large fraction of physical memory from a guest VM (to collect exploitable vulnerable bits), and innovative approaches to break Xen paravirtualized memory isolation.