{"id":"https://openalex.org/W4414017045","doi":"https://doi.org/10.46586/tches.v2025.i4.817-847","title":"Rejected Signatures\u2019 Challenges Pose New Challenges: Key Recovery of CRYSTALS-Dilithium via Side-Channel Attacks","display_name":"Rejected Signatures\u2019 Challenges Pose New Challenges: Key Recovery of CRYSTALS-Dilithium via Side-Channel Attacks","publication_year":2025,"publication_date":"2025-09-05","ids":{"openalex":"https://openalex.org/W4414017045","doi":"https://doi.org/10.46586/tches.v2025.i4.817-847"},"language":"en","primary_location":{"id":"doi:10.46586/tches.v2025.i4.817-847","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2025.i4.817-847","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/12430/12158","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://tches.iacr.org/index.php/TCHES/article/download/12430/12158","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5044337890","display_name":"Yuanyuan Zhou","orcid":"https://orcid.org/0000-0002-8703-219X"},"institutions":[{"id":"https://openalex.org/I1335490905","display_name":"Synopsys (Switzerland)","ror":"https://ror.org/03mb54f81","country_code":"CH","type":"company","lineage":["https://openalex.org/I1335490905","https://openalex.org/I4210088951"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Yuanyuan Zhou","raw_affiliation_strings":["Synopsys, Eindhoven, The Netherlands"],"raw_orcid":"https://orcid.org/0000-0002-8703-219X","affiliations":[{"raw_affiliation_string":"Synopsys, Eindhoven, The Netherlands","institution_ids":["https://openalex.org/I1335490905"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100460456","display_name":"Weijia Wang","orcid":"https://orcid.org/0000-0001-6982-2537"},"institutions":[{"id":"https://openalex.org/I143413998","display_name":"Qingdao University of Science and Technology","ror":"https://ror.org/041j8js14","country_code":"CN","type":"education","lineage":["https://openalex.org/I143413998"]},{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]},{"id":"https://openalex.org/I4210132990","display_name":"State Key Laboratory of Cryptology","ror":"https://ror.org/02pn5rj08","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210132990"]},{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Weijia Wang","raw_affiliation_strings":["Shandong University, School of Cyber Science and Technology, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, China","Shandong University, School of Cyber Science and Technology, Qingdao, China","Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, China"],"raw_orcid":"https://orcid.org/0000-0001-6982-2537","affiliations":[{"raw_affiliation_string":"Shandong University, School of Cyber Science and Technology, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, China","institution_ids":["https://openalex.org/I80143920","https://openalex.org/I143413998"]},{"raw_affiliation_string":"Shandong University, School of Cyber Science and Technology, Qingdao, China","institution_ids":["https://openalex.org/I80143920"]},{"raw_affiliation_string":"Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, China","institution_ids":["https://openalex.org/I4210132990","https://openalex.org/I154099455"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yiteng Sun","orcid":"https://orcid.org/0009-0009-7674-1327"},"institutions":[{"id":"https://openalex.org/I143413998","display_name":"Qingdao University of Science and Technology","ror":"https://ror.org/041j8js14","country_code":"CN","type":"education","lineage":["https://openalex.org/I143413998"]},{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]},{"id":"https://openalex.org/I4210132990","display_name":"State Key Laboratory of Cryptology","ror":"https://ror.org/02pn5rj08","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210132990"]},{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yiteng Sun","raw_affiliation_strings":["Shandong University, School of Cyber Science and Technology, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, China","Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, China","Shandong University, School of Cyber Science and Technology, Qingdao, China"],"raw_orcid":"https://orcid.org/0009-0009-7674-1327","affiliations":[{"raw_affiliation_string":"Shandong University, School of Cyber Science and Technology, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, China","institution_ids":["https://openalex.org/I80143920","https://openalex.org/I143413998"]},{"raw_affiliation_string":"Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, China","institution_ids":["https://openalex.org/I4210132990","https://openalex.org/I154099455"]},{"raw_affiliation_string":"Shandong University, School of Cyber Science and Technology, Qingdao, China","institution_ids":["https://openalex.org/I80143920"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100417226","display_name":"Yu Yu","orcid":"https://orcid.org/0000-0002-9278-4521"},"institutions":[{"id":"https://openalex.org/I183067930","display_name":"Shanghai Jiao Tong University","ror":"https://ror.org/0220qvk04","country_code":"CN","type":"education","lineage":["https://openalex.org/I183067930"]},{"id":"https://openalex.org/I4210122302","display_name":"ShangHai JiAi Genetics & IVF Institute","ror":"https://ror.org/02rgbry52","country_code":"CN","type":"healthcare","lineage":["https://openalex.org/I4210122302"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yu Yu","raw_affiliation_strings":["Shanghai Jiao Tong University, Shanghai 200240, China; Shanghai Qi Zhi Institute, 701 Yunjin Road, Shanghai 200232, China","Shanghai Jiao Tong University, Shanghai 200240, China","Shanghai Qi Zhi Institute, 701 Yunjin Road, Shanghai 200232, China"],"raw_orcid":"https://orcid.org/0000-0002-9278-4521","affiliations":[{"raw_affiliation_string":"Shanghai Jiao Tong University, Shanghai 200240, China; Shanghai Qi Zhi Institute, 701 Yunjin Road, Shanghai 200232, China","institution_ids":["https://openalex.org/I183067930"]},{"raw_affiliation_string":"Shanghai Jiao Tong University, Shanghai 200240, China","institution_ids":["https://openalex.org/I183067930"]},{"raw_affiliation_string":"Shanghai Qi Zhi Institute, 701 Yunjin Road, Shanghai 200232, China","institution_ids":["https://openalex.org/I4210122302"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":4.9044,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.95322021,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":"2025","issue":"4","first_page":"817","last_page":"847"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T13192","display_name":"Forensic Fingerprint Detection Methods","score":0.9768000245094299,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T13192","display_name":"Forensic Fingerprint Detection Methods","score":0.9768000245094299,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9498999714851379,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9417999982833862,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/dilithium","display_name":"Dilithium","score":0.8993502855300903},{"id":"https://openalex.org/keywords/side-channel-attack","display_name":"Side channel attack","score":0.8869854807853699},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.7328137159347534},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.569241464138031},{"id":"https://openalex.org/keywords/channel","display_name":"Channel (broadcasting)","score":0.4882085621356964},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4367423951625824},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3447684645652771},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.23421931266784668},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.1861349642276764},{"id":"https://openalex.org/keywords/chemistry","display_name":"Chemistry","score":0.1777602732181549}],"concepts":[{"id":"https://openalex.org/C2775951159","wikidata":"https://www.wikidata.org/wiki/Q1189242","display_name":"Dilithium","level":4,"score":0.8993502855300903},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.8869854807853699},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.7328137159347534},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.569241464138031},{"id":"https://openalex.org/C127162648","wikidata":"https://www.wikidata.org/wiki/Q16858953","display_name":"Channel (broadcasting)","level":2,"score":0.4882085621356964},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4367423951625824},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3447684645652771},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.23421931266784668},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.1861349642276764},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.1777602732181549},{"id":"https://openalex.org/C145148216","wikidata":"https://www.wikidata.org/wiki/Q36496","display_name":"Ion","level":2,"score":0.0},{"id":"https://openalex.org/C118629725","wikidata":"https://www.wikidata.org/wiki/Q2686738","display_name":"Deprotonation","level":3,"score":0.0},{"id":"https://openalex.org/C178790620","wikidata":"https://www.wikidata.org/wiki/Q11351","display_name":"Organic chemistry","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.46586/tches.v2025.i4.817-847","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2025.i4.817-847","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/12430/12158","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:10e34b503e5e44b0a0c41b221ceace76","is_oa":true,"landing_page_url":"https://doaj.org/article/10e34b503e5e44b0a0c41b221ceace76","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Transactions on Cryptographic Hardware and Embedded Systems, Vol 2025, Iss 4 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.46586/tches.v2025.i4.817-847","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2025.i4.817-847","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/12430/12158","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1997119393","display_name":null,"funder_award_id":"2021ZD0302901","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2324555706","display_name":null,"funder_award_id":"62372273","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3857364911","display_name":null,"funder_award_id":"2021ZD0302902","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8345338539","display_name":null,"funder_award_id":"2020YFA0309705","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4414017045.pdf","grobid_xml":"https://content.openalex.org/works/W4414017045.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W3158626348","https://openalex.org/W2950221173","https://openalex.org/W1988497436","https://openalex.org/W2136354148","https://openalex.org/W4240909249","https://openalex.org/W2062077317","https://openalex.org/W4411727029","https://openalex.org/W2951963551","https://openalex.org/W4200446781","https://openalex.org/W4385711937"],"abstract_inverted_index":{"Rejection":[0],"sampling":[1,266],"is":[2,250],"a":[3,35,180],"crucial":[4],"security":[5,92,165,276],"mechanism":[6],"in":[7,175],"lattice-based":[8],"signature":[9,26],"schemes":[10],"that":[11,30,79,262],"follow":[12],"the":[13,39,64,91,94,98,102,108,131,134,137,143,147,154,157,172,189,219,225,244,251,264],"Fiat-Shamir":[14],"with":[15,68,179,218],"aborts":[16],"paradigm,":[17],"such":[18,52],"as":[19,53,149,151],"MLDSA/":[20],"CRYSTALS-Dilithium.":[21],"This":[22],"technique":[23],"transforms":[24],"secret-dependent":[25],"samples":[27],"into":[28],"ones":[29],"are":[31],"statistically":[32],"close":[33],"to":[34,113,200,273],"secret-independent":[36],"distribution":[37],"(in":[38],"random":[40],"oracle":[41],"model).":[42],"While":[43],"many":[44],"side-channel":[45,256],"attacks":[46],"have":[47,62],"directly":[48],"targeted":[49],"sensitive":[50],"data":[51],"nonces,":[54],"secret":[55],"keys,":[56],"and":[57,136,193,195,215,254],"decomposed":[58],"commitments,":[59],"fewer":[60],"studies":[61],"explored":[63],"potential":[65],"leakage":[66,80,109,208],"associated":[67,217],"rejection":[69,111,265],"sampling.":[70],"Notably,":[71],"at":[72],"HOST":[73],"2021,":[74],"Karabulut":[75],"et":[76],"al.":[77],"showed":[78],"from":[81,209],"rejected":[82,121,158,190,229],"signatures\u2019":[83],"challenges":[84],"can":[85],"undermine,":[86],"but":[87],"not":[88],"entirely":[89],"break,":[90],"of":[93,104,110,123,130,146,156,167,188,227,246],"Dilithium":[95],"scheme.Motivated":[96],"by":[97,204,233],"above,":[99],"we":[100,197,269],"convert":[101],"problem":[103,118,148],"key":[105,174,257],"recovery":[106,258],"(from":[107],"sampling)":[112],"an":[114,239],"integer":[115],"linear":[116],"programming":[117],"(ILP),":[119],"where":[120],"responses":[122],"unique":[124],"Hamming":[125],"weights":[126],"set":[127],"upper/lower":[128],"constraints":[129],"product":[132],"between":[133],"challenge":[135,160,192,231],"private":[138,173],"key.":[139],"We":[140,223],"formally":[141],"study":[142],"worst-case":[144],"complexity":[145],"well":[150],"empirically":[152],"confirm":[153],"practicality":[155,226],"signature\u2019s":[159,191,230],"attack.":[161],"For":[162],"all":[163],"three":[164],"levels":[166],"Dilithium-2/3/5,":[168],"our":[169,247],"attack":[170,185,232,259],"recovers":[171],"seconds":[176],"or":[177],"minutes":[178],"100%":[181],"Success":[182],"Rate":[183],"(SR).Our":[184],"leverages":[186],"knowledge":[187],"response,":[194],"thus":[196],"propose":[198],"methods":[199],"extract":[201],"this":[202,228,275],"information":[203],"exploiting":[205],"single-trace":[206],"sidechannel":[207],"Number":[210],"Theoretic":[211],"Transform":[212],"(NTT)":[213],"operations":[214],"functions":[216],"response":[220],"generation":[221],"procedure.":[222,267],"demonstrate":[224],"using":[234],"real":[235],"power":[236],"consumption":[237],"on":[238,260],"ARM":[240],"Cortex-M4":[241],"microcontroller.":[242],"To":[243],"best":[245],"knowledge,":[248],"it":[249],"first":[252],"practical":[253],"efficient":[255],"ML-DSA/Dilithium":[261],"targets":[263],"Furthermore,":[268],"discuss":[270],"some":[271],"countermeasures":[272],"mitigate":[274],"issue.":[277]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}
