Analysis of pseudorandom number generation processes in EP CRYSTALS-Dilithium

Authors

  • S. O. Kandiy, V. N. Karazin Kharkiv National University; JSC "Institute of Information Technologies", Ukraine. https://orcid.org/0000-0003-0552-8341

DOI:

https://doi.org/10.30837/rt.2023.2.213.02

Keywords:

post-quantum cryptography, EP Crystals-Dilithium, DRNG, AES-CTR RNG, SHAKE-256, AIS 31

Abstract

The paper analyses the pseudorandom number generation processes in the Crystals-Dilithium post-quantum electronic signature scheme, a finalist of the NIST PQC post-quantum cryptography competition. The main focus is the pseudorandom number generator based on the AES block cipher in counter mode. A formal model of this generator is built that meets the requirements of the latest version of the AIS 31 standard, which specifies requirements for secure pseudorandom number generators. The AES-CTR generator is shown to satisfy the requirements of functional class DRG.3, provided that its seed is obtained from a truly random number source (either a physical or a non-physical true random source) or from another pseudorandom number generator whose security class is not lower than DRG.3. In addition, the use of SHAKE128/256 for generating pseudorandom sequences in Crystals-Dilithium is analysed. Based on the results of the analysis, recommendations are given for the compilation parameters depending on the conditions of use. Specifically, the AES-based generator is concluded to be more vulnerable to side-channel attacks, so the DILITHIUM_USE_AES flag is not recommended unless there are additional guarantees protecting the machine from side-channel attacks. If the operating system's cryptographic API is trusted, the DILITHIUM_RANDOMIZED_SIGNING compilation flag is recommended. On systems with low trust in the operating system's cryptographic API, the variant with deterministic signature generation can be used.

Published

2023-06-16

How to Cite

Kandiy, S. (2023). Analysis of pseudorandom number generation processes in EP CRYSTALS-Dilithium. Radiotekhnika, 2(213), 18–30. https://doi.org/10.30837/rt.2023.2.213.02

Section

Articles