Tosun, Tolun (2025) Efficient And Non-Profiled Side-Channel Attacks Against Post-Quantum Cryptography. [Thesis]
Abstract
This dissertation explores side-channel attacks targeting Post-Quantum Cryptography (PQC). The focus is on lattice-based PQC algorithms standardized by NIST during the course of this research: the Dilithium digital signature scheme (ML-DSA) and the Kyber key encapsulation mechanism (ML-KEM). Both unprotected and protected implementations of these algorithms are considered. The study particularly focuses on the non-profiled class of attacks, which does not rely on access to a clone of the target device.

Existing non-profiled attack methodologies are revisited and improved, particularly in terms of the required number of traces and also the attack run-time. While both aspects are addressed, the trace complexity is given greater emphasis. Regarding the attack run-time efficiency, an attack methodology applicable to Kyber and specific implementations of Dilithium is introduced, achieving speedups of up to three orders of magnitude.

The thesis explores the application of higher-order non-profiled attacks to Lattice-Based Cryptography (LBC). These attacks face unique challenges due to the so-called arithmetic masking schemes employed in protected LBC implementations. These challenges are analyzed in depth, and novel solutions are proposed. Performing higher-order non-profiled attacks requires computing the so-called optimal prediction function. This work presents efficient methods for deriving these functions in the context of arithmetic masking and LBC, including explicit formulas in specific cases, namely when modular reduction is performed in a signed fashion centered around zero. Importantly, the thesis demonstrates that using signed arithmetic introduces a significant vulnerability by creating a strong dependency between the signs of intermediate variables and the observed leakage.

Experimental results are presented for both simulated and real-device settings, covering implementations from unprotected up to third-order masked. These results are unique in the literature, representing the first demonstration of non-profiled attacks against higher-order masked implementations of LBC. The findings reveal that non-profiled side-channel attacks pose a serious threat to masked implementations. For example, third-order masked implementations of Dilithium and Kyber are successfully attacked with only 2400 and 14500 traces, respectively.

Furthermore, the thesis addresses the scenario in which the attacker does not know the leakage function of the device. A novel two-step attack combining generic SCA distinguishers with lattice reduction techniques is proposed. Experimental results show that this approach enables successful non-profiled attacks even when the victim implementation employs masking protection and the device's leakage characteristics are unknown.
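The abstract's point about signed, zero-centered reduction can be seen with a small simulation. The code below is an added illustration, not part of the thesis: it assumes the ML-KEM modulus q = 3329, a 16-bit two's-complement container for coefficients, and a plain Hamming-weight leakage model, and measures how strongly the sign of a reduced value predicts the Hamming weight of the word that stores it, for canonical versus centered reduction.

```python
# Added example (not from the thesis): why signed, zero-centered modular
# reduction couples the sign of an intermediate to its Hamming-weight leakage.
# Assumptions: q = 3329 (ML-KEM), coefficients stored as 16-bit two's-complement
# words, and leakage modelled as the Hamming weight of that word.

Q = 3329
BITS = 16


def reduce_unsigned(x: int) -> int:
    """Canonical reduction into [0, q); the result is never negative."""
    return x % Q


def reduce_centered(x: int) -> int:
    """Signed reduction into [-(q-1)/2, (q-1)/2], centered around zero."""
    r = x % Q
    return r - Q if r > Q // 2 else r


def hamming_weight(value: int, bits: int = BITS) -> int:
    """Hamming weight of `value` as a `bits`-wide two's-complement word.
    A negative value is stored with its high bits set, so its weight is high."""
    return bin(value & ((1 << bits) - 1)).count("1")


def pearson(xs, ys) -> float:
    """Pearson correlation coefficient, written out to avoid a 3.10+ dependency."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5


def sign_hw_correlation(reduce, samples) -> float:
    """Correlation between the sign of the reduced value (1 = negative) and the
    Hamming weight of its stored word. 0.0 means the sign carries no leakage;
    values near 1.0 mean the sign is almost directly visible in the leakage."""
    signs, weights = [], []
    for x in samples:
        r = reduce(x)
        signs.append(1 if r < 0 else 0)
        weights.append(hamming_weight(r))
    if len(set(signs)) < 2:  # unsigned reduction never produces a negative
        return 0.0
    return pearson(signs, weights)


# Constructed input: every residue class mod q, i.e. every possible coefficient.
SAMPLES = list(range(Q))
```

For the unsigned variant the function returns 0.0, while for the centered variant the correlation is well above 0.8, which is the sign dependency the thesis exploits and which an unsigned (or carefully masked) representation avoids.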
| Item Type: | Thesis |
|---|---|
| Uncontrolled Keywords: | lattice-based cryptography, side-channel analysis, correlation power analysis, kyber, dilithium. -- kafes-tabanlı kriptografi, yan kanal analizi, korelasyon güç analizi, kyber, dilithium. |
| Subjects: | T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK7800-8360 Electronics > TK7885-7895 Computer engineering. Computer hardware |
| Divisions: | Faculty of Engineering and Natural Sciences > Academic programs > Computer Science & Eng. Faculty of Engineering and Natural Sciences |
| Depositing User: | Dila Günay |
| Date Deposited: | 15 Jan 2026 17:38 |
| Last Modified: | 15 Jan 2026 17:38 |
| URI: | https://research.sabanciuniv.edu/id/eprint/53633 |

