ePrint Updates
@eprint.bsky.social
Unofficial bot tracking updates to the IACR Cryptology ePrint Archive (eprint.iacr.org/). Maintained by @str4d.xyz. Currently only posts about new papers. Author names are linkified to Bluesky accounts; contact maintainer for inclusion or removal.
Uncompressing Dilithium’s public key (Paco Azevedo Oliveira, Andersson Calle Viera, Benoît Cogliati, Louis Goubin) ia.cr/2024/1373

Abstract. To be competitive with other signature schemes, the MLWE instance $\bf (A,t)$ on which Dilithium is based is compressed: the least significant bits of $\bf t$, which are denoted $\bf t_0$, are considered part of the secret key. Knowing $\bf t_0$ does not provide any information about the other data in the secret key, but it does allow the construction of much more efficient side-channel attacks. Yet to the best of our knowledge, there is no known way to recover $\bf t_0$ from Dilithium signatures. In this work, we show that each Dilithium signature leaks information on $\bf t_0$, then we construct an attack that retrieves the vector $\bf t_0$ from Dilithium signatures. Experimentally, for Dilithium-2, 4 000 000 signatures and 2 hours are sufficient to recover $\bf t_0$ on a desktop computer.
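The compression the abstract refers to is Dilithium's Power2Round split of the public vector $\bf t$ into a published high part $\bf t_1$ and a dropped low part $\bf t_0$. The following is an added example, not code from the paper or the bot post; it assumes the standard Dilithium parameters q = 8380417 and d = 13 and uses a constructed sample vector to show what the public key reveals and what it withholds.

```python
# Added illustration of Dilithium's public-key compression (Power2Round).
# Assumptions: Dilithium modulus q = 8380417 and dropped-bit count d = 13;
# the sample coefficients below are constructed, not taken from any key.

Q = 8380417
D = 13


def power2round(r: int) -> tuple[int, int]:
    """Split r (mod q) into (r1, r0) with r = r1 * 2^d + r0 and
    -2^(d-1) < r0 <= 2^(d-1). r1 goes into the public key, r0 is t0."""
    r %= Q
    r0 = r % (1 << D)
    if r0 > (1 << (D - 1)):      # centre r0 around zero, as the spec does
        r0 -= 1 << D
    r1 = (r - r0) >> D           # exact: r - r0 is a multiple of 2^d
    return r1, r0


def compress_t(t: list[int]) -> tuple[list[int], list[int]]:
    """Coefficient-wise split of t into (t1, t0)."""
    parts = [power2round(c) for c in t]
    return [p[0] for p in parts], [p[1] for p in parts]


def reconstruct(t1: list[int], t0: list[int]) -> list[int]:
    """Rebuild t (mod q) from both halves; without t0 this is impossible."""
    return [(c1 * (1 << D) + c0) % Q for c1, c0 in zip(t1, t0)]


def t0_bits(k: int = 4, n: int = 256) -> int:
    """Bits of t withheld from the public key: d per coefficient,
    n coefficients per polynomial, k polynomials (k = 4 for Dilithium-2)."""
    return k * n * D


if __name__ == "__main__":
    sample_t = [0, 4096, 4097, Q - 1, 123456, 7654321]   # constructed
    t1, t0 = compress_t(sample_t)
    assert reconstruct(t1, t0) == [c % Q for c in sample_t]
    print("t1 (public):", t1)
    print("t0 (kept secret):", t0)
    print("t0 bits hidden for Dilithium-2:", t0_bits())
```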
