Abstract. CRYSTALS-Dilithium has been selected by the NIST as the new standard for post-quantum digital signatures. In this work, we revisit the side-channel
countermeasures of Dilithium in three directions. First, we improve its sensitivity
analysis by classifying intermediate computations according their physical security
requirements. This allows us to identify which parts of Dilithium must be protected
against Differential Power Analysis (DPA), which parts must be protected against
Simple Power Analysis (SPA) and which parts can leak in an unbounded manner. Second, we provide improved gadgets dedicated to Dilithium, taking advantage of recent
advances in masking conversion algorithms. Third, we combine these contributions
with standard shuffling techniques in order to design so-called leveled implementations
that offer an improved security vs. performance trade-off compared to the state-ofthe-art. Our benchmarking results additionally put forward that the randomized
version of Dilithium can lead to significantly more efficient implementations (than its
deterministic version) when side-channel attacks are a concern.
Keywords: Dilithium · Masking · Lattice-based Cryptography · Post-Quantum
Cryptography · Side-Channel Countermeasures
