Abstract. The post-quantum digital signature scheme CRYSTALS-Dilithium has
been recently selected by the NIST for standardization. Implementing CRYSTALSDilithium, and other post-quantum cryptography schemes, on embedded devices
raises a new set of challenges, including ones related to performance in terms of speed
and memory requirements, but also related to side-channel and fault injection attacks
security. In this work, we investigated the latter and describe a differential fault attack
on the randomized and deterministic versions of CRYSTALS-Dilithium. Notably, the
attack requires a few instructions skips and is able to reduce the MLWE problem that
Dilithium is based on to a smaller RLWE problem which can be practically solved
with lattice reduction techniques. Accordingly, we demonstrated key recoveries using
hints extracted on the secret keys from the same faulted signatures using the LWE
with side-information framework introduced by Dachman-Soled et al. at CRYPTO’20.
As a final contribution, we proposed algorithmic countermeasures against this attack
and in particular showed that the second one can be parameterized to only induce a
negligible overhead over the signature generation.
Keywords: Post-Quantum Cryptography · Differential Fault Attacks · Dilithium ·
Lattice Reduction
