Please use this Handle URI to cite this item: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/87942

Full metadata record

DC field: value [language]
dc.contributor.advisor: 陳君明 [zh_TW]
dc.contributor.advisor: Jiun-Ming Chen [en]
dc.contributor.author: 李昇峰 [zh_TW]
dc.contributor.author: Sheng-Fong Li [en]
dc.date.accessioned: 2023-07-31T16:26:56Z
dc.date.available: 2023-11-09
dc.date.copyright: 2023-07-31
dc.date.issued: 2023
dc.date.submitted: 2023-06-29
dc.identifier.citation:
[1] A. Abdulrahman, V. Hwang, M. J. Kannwischer, and A. Sprenkels. Faster Kyber and Dilithium on the Cortex-M4. In Applied Cryptography and Network Security: 20th International Conference, ACNS 2022, Rome, Italy, June 20–23, 2022, Proceedings, pages 853–871. Springer, 2022.
[2] S. Bai, L. Ducas, E. Kiltz, T. Lepoint, V. Lyubashevsky, P. Schwabe, G. Seiler, and D. Stehlé. CRYSTALS-Dilithium: Algorithm specifications and supporting documentation (version 3.1). NIST Post-Quantum Cryptography Standardization, Round 3, 2021.
[3] S. Bai and S. D. Galbraith. An improved compression technique for signatures based on learning with errors. In Topics in Cryptology – CT-RSA 2014: The Cryptographer's Track at the RSA Conference 2014, San Francisco, CA, USA, February 25–28, 2014, Proceedings, pages 28–47. Springer, 2014.
[4] L. Batina, Ł. Chmielewski, L. Papachristodoulou, P. Schwabe, and M. Tunstall. Online template attacks. Journal of Cryptographic Engineering, 9:21–36, 2019.
[5] Z. Chen, E. Karabulut, A. Aysu, Y. Ma, and J. Jing. An efficient non-profiled side-channel attack on the CRYSTALS-Dilithium post-quantum signature. In 2021 IEEE 39th International Conference on Computer Design (ICCD), pages 583–590. IEEE, 2021.
[6] A. A. Ding, C. Chen, and T. Eisenbarth. Simpler, faster, and more robust t-test based leakage detection. In Constructive Side-Channel Analysis and Secure Design: 7th International Workshop, COSADE 2016, Graz, Austria, April 14–15, 2016, Revised Selected Papers 7, pages 163–183. Springer, 2016.
[7] A. A. Ding, L. Zhang, F. Durvaux, F.-X. Standaert, and Y. Fei. Towards sound and optimal leakage detection procedure. In Smart Card Research and Advanced Applications: 16th International Conference, CARDIS 2017, Lugano, Switzerland, November 13–15, 2017, Revised Selected Papers, pages 105–122. Springer, 2018.
[8] T. Güneysu, V. Lyubashevsky, and T. Pöppelmann. Practical lattice-based cryptography: A signature scheme for embedded systems. In Cryptographic Hardware and Embedded Systems – CHES 2012: 14th International Workshop, Leuven, Belgium, September 9–12, 2012, Proceedings 14, pages 530–547. Springer, 2012.
[9] V. Lyubashevsky. Fiat–Shamir with aborts: Applications to lattice and factoring-based signatures. In Advances in Cryptology – ASIACRYPT 2009: 15th International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, Japan, December 6–10, 2009, Proceedings 15, pages 598–616. Springer, 2009.
[10] V. Lyubashevsky. Lattice signatures without trapdoors. In Advances in Cryptology – EUROCRYPT 2012: 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK, April 15–19, 2012, Proceedings 31, pages 738–755. Springer, 2012.
[11] S. Mangard, E. Oswald, and T. Popp. Power analysis attacks: Revealing the secrets of smart cards, volume 31. Springer Science & Business Media, 2008.
[12] V. Migliore, B. Gérard, M. Tibouchi, and P.-A. Fouque. Masking Dilithium: Efficient implementation and side-channel evaluation. In Applied Cryptography and Network Security: 17th International Conference, ACNS 2019, Bogota, Colombia, June 5–7, 2019, Proceedings 17, pages 344–362. Springer, 2019.
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/87942
dc.description.abstract [zh_TW, translated]: With the development of quantum computers, post-quantum cryptographic algorithms will replace the existing asymmetric cryptosystems. In July 2022, the US National Institute of Standards and Technology announced the standardized post-quantum digital signature schemes. CRYSTALS-Dilithium is one of the three standards, and it is also one of the three that can run on the Cortex-M4 in a reasonable time.

In January 2022, an accelerated version of Dilithium for the Cortex-M4 was developed. Its small-coefficient polynomial multiplication is faster, which further shortens the running time but also further amplifies its weakness to side-channel attacks.

This thesis combines Correlation Power Analysis and the T-test to successfully attack the small-coefficient polynomial multiplication of Dilithium-2 and accurately recover its private key. Correlation Power Analysis can, in a short time, pick out the most likely private-key combination from 66049 possibilities, and the Profiling T-test then finds the correct answer among the few remaining candidates, forming a fast and effective attack. Without masking or shuffling as protection, Dilithium is very fragile against side-channel attacks.
dc.description.abstract [en]: With the development of quantum computers, post-quantum cryptography (PQC) and its digital signatures will replace asymmetric cryptographic systems. In July 2022, the National Institute of Standards and Technology (NIST) announced the standardized post-quantum signatures. CRYSTALS-Dilithium is one of the three digital signature standards, and it is also one of the three that can run on the Cortex-M4 in a reasonable time. In January 2022, a faster version of Dilithium was developed. Its small-coefficient polynomial multiplication is faster, which further shortens the running time and amplifies its vulnerability to side-channel attacks.

This thesis uses the combination of Correlation Power Analysis and the Profiling T-test to successfully attack Dilithium-2's small-coefficient polynomial multiplication and recover its sensitive information $s_1$ and $s_2$. Correlation Power Analysis quickly finds the most likely $s_1$ and $s_2$ coefficient pairs among 66049 possibilities, while the Profiling T-test finds the correct answer among the few remaining candidates, forming a fast and effective attack method. Without masking or shuffling as a countermeasure, Dilithium is very vulnerable to side-channel attacks.
dc.description.provenance [en]: Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2023-07-31T16:26:56Z. No. of bitstreams: 0
dc.description.provenance [en]: Made available in DSpace on 2023-07-31T16:26:56Z (GMT). No. of bitstreams: 0
dc.description.tableofcontents:
Verification Letter from the Oral Examination Committee i
Abstract (Chinese) iii
Abstract v
Contents vii
List of Figures ix
List of Tables xi
Denotation xiii
Chapter 1 Introduction 1
Chapter 2 Background 3
2.1 Notation 3
2.2 Dilithium Signature 3
2.3 Faster Dilithium on Cortex-M4 7
2.3.1 Dilithium2 and Dilithium5 7
2.3.2 Dilithium3 8
2.4 Side Channel Attack on Dilithium 10
Chapter 3 Power Side-Channel Leakage in Dilithium 13
3.1 Hamming weight leakage attack 13
3.1.1 Hamming weight leakage in Dilithium3 14
3.2 Profiling T-test 15
3.3 Online Template Attack (OTA) 16
3.4 Decision Tree 17
Chapter 4 Experiment setup and Results 19
4.1 Experiment setup 19
4.2 Hamming weight leakage attack Results 19
4.2.1 CPA Attack Result of Dilithium3 21
4.3 Profiling T-test attack Results 22
4.4 Online Template Attack Results 23
Chapter 5 Countermeasures 25
5.1 Countermeasures on Faster Dilithium 25
5.2 Countermeasure result 26
Chapter 6 Conclusions 29
References 31
dc.language.iso: en
dc.subject: Student's t-test [zh_TW]
dc.subject: post-quantum cryptography [zh_TW]
dc.subject: fast number theoretic transform [zh_TW]
dc.subject: correlation power analysis attack [zh_TW]
dc.subject: digital signature [zh_TW]
dc.subject: template attack [zh_TW]
dc.subject: Digital Signature [en]
dc.subject: Online Template Attack [en]
dc.subject: Post-quantum Cryptography [en]
dc.subject: Number Theoretic Transform [en]
dc.subject: Correlation Power Analysis [en]
dc.subject: Welch's T-test [en]
dc.title: Side-Channel Analysis of the Faster Dilithium Implementation on the Cortex-M4 Platform [zh_TW]
dc.title: Side-Channel Analysis of Faster Dilithium on Cortex-M4 [en]
dc.type: Thesis
dc.date.schoolyear: 111-2
dc.description.degree: Master's
dc.contributor.oralexamcommittee: 陳君朋; 楊柏因; 陳榮傑; 謝致仁 [zh_TW]
dc.contributor.oralexamcommittee: Jiun-Peng Chen; Bo-Yin Yang; Rong-Jaye Chen; Jyh-Ren Shieh [en]
dc.subject.keyword: correlation power analysis attack, digital signature, fast number theoretic transform, template attack, post-quantum cryptography, Student's t-test [zh_TW]
dc.subject.keyword: Correlation Power Analysis, Digital Signature, Number Theoretic Transform, Online Template Attack, Post-quantum Cryptography, Welch's T-test [en]
dc.relation.page: 33
dc.identifier.doi: 10.6342/NTU202301181
dc.rights.note: Authorized for release (open access worldwide)
dc.date.accepted: 2023-06-30
dc.contributor.author-college: College of Science
dc.contributor.author-dept: Institute of Applied Mathematical Sciences
Appears in collections: Institute of Applied Mathematical Sciences

Files in this item:
File: ntu-111-2.pdf; Size: 2 MB; Format: Adobe PDF