CryptoDB
Lessons Learned from Protecting CRYSTALS-Dilithium
| Authors: | |
|---|---|
| Download: | |
| Presentation: | Slides |
| Abstract: | NIST recently announced Kyber and Dilithium as first winners of their post-quantum cryptography (PQC) standardization effort. While the two are more suitable for constrained applications relative to other PQC schemes, their implementation in commercial embedded platforms still poses a non-trivial challenge, especially since many embedded use cases require hardening against physical attacks. As any delay in the transition to this new standard could have severe consequences for security critical use cases which require certified hardened designs, e.g., payment or automotive, the industrial and academic communities are actively investigating and solving issues that could arise. While for Kyber there is already an extensive list of such issues, Dilithium has been significantly less explored in the context of physical security. As there are multiple variants (deterministic, randomized, hedged) of Dilithium of which only a subset might be included in the standard, it is of utmost importance to quantify and understand the implications of each type on physical security. In this talk, we present the dos and don’ts of hardening Dilithium against a side-channel adversary, which were acquired during a detailed and lengthy analysis inside NXP. To this end, we first list the issues of each Dilithium variant regarding side-channel hardening, quantify the resulting implementation costs and highlight the noticeable overhead introduced by deterministic approaches. By exploring minor modifications to the underlying algorithm, we demonstrate that standardizing a variant, which is not optimized for physical security, would have a significant negative impact on the performance of hardened Dilithium on embedded devices. Instead, we propose that a slightly-modified randomized Dilithium should be considered during the standardization effort and recommended as the default choice for constrained platforms. It is our expectation that this would immensely support the transition to the future PQC standard on embedded devices. |
| Video: | https://youtu.be/rf63D1fdOJM?t=2919 |
BibTeX
@misc{rwc-2023-35436,
title={Lessons Learned from Protecting CRYSTALS-Dilithium},
note={Video at \url{https://youtu.be/rf63D1fdOJM?t=2919}},
howpublished={Talk given at RWC 2023},
author={Melissa Azouaoui and Joppe W. Bos and Olivier Bronchain and Joost Renes and Tobias Schneider and Christine van Vredendaal},
year=2023
}