This thesis investigates the challenges of implementing a secure and optimized version of the Dilithium signature scheme on embedded devices, focusing on side-channel attacks and fault attacks.
The thesis contributes to the broader field of post-quantum cryptography by exploring practical vulnerabilities and countermeasures in real-world deployments.
The first contribution concerns the optimization of the Dilithium signature algorithm. The study compares polynomial-based and vector-of-polynomials-based implementations, demonstrating that a judicious choice of data structures and computations can lead to significant memory savings without substantial performance overhead. This optimization is crucial for embedded devices, where memory is often limited.
The thesis also focuses on side-channel and fault attacks against Dilithium. With regard to side-channel attacks, the work identified an intermediate-value leakage exploitable by profiled attacks, enabling robust recovery of the secret key from a minimum of 200 000 signatures. Regarding fault attacks, the thesis identified several relevant fault-injection points, both in the signature algorithm, where they allow recovery of the secret key, and in the verification algorithm, where they allow acceptance of incorrect signatures.
The thesis finally contributes to understanding how to balance security and efficiency in post-quantum cryptographic implementations.