Analysis of pseudorandom number generation processes in EP CRYSTALS-Dilithium
DOI: https://doi.org/10.30837/rt.2023.2.213.02
Keywords: post-quantum cryptography, EP Crystals-Dilithium, DRNG, AES-CTR RNG, SHAKE-256, AIS 31
Abstract
The paper analyses the pseudorandom number generation processes in the CRYSTALS-Dilithium post-quantum electronic signature scheme, a finalist in the NIST PQC post-quantum cryptography competition. The main focus is on the pseudorandom number generator based on the AES block cipher in counter mode. A formal model of this generator was built that meets the requirements of the latest version of the AIS 31 standard, which specifies requirements for secure pseudorandom number generators. The AES-CTR-based pseudorandom number generator is shown to satisfy the requirements of functional class DRG.3, provided that its initial value (seed) is obtained from a truly random number source (either a physical or a non-physical true random source) or from another pseudorandom number generator of security class not lower than DRG.3. In addition, the use of SHAKE-128/256 for the generation of pseudorandom sequences in CRYSTALS-Dilithium is analysed. Based on the results of the analysis, recommendations are given regarding the compilation parameters depending on the conditions of use. Namely, it is concluded that the AES-based generator is more vulnerable to side-channel attacks, so the DILITHIUM_USE_AES flag is not recommended unless there are additional guarantees that protect the machine from side-channel attacks. If the operating system's cryptographic API is trusted, the DILITHIUM_RANDOMIZED_SIGNING compilation flag is recommended. In systems with low trust in the cryptographic API of the operating system, the variant with deterministic signature generation can be used.
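How the SHAKE-256 part of this process looks in practice, and where the DILITHIUM_RANDOMIZED_SIGNING choice enters, as an added Python example that is not code from the paper or from the Dilithium reference implementation; it uses the standard library's SHAKE-256, assumes the round-3 byte lengths (ρ and K 32 bytes, ρ' and μ 64 bytes), and does not model the AES-CTR variant selected by DILITHIUM_USE_AES.

```python
import hashlib
import os

# Byte lengths assumed from the round-3 Dilithium specification (v3.1):
# the seeds rho and K are 32 bytes, mu and rho' are 64 bytes.
SEEDBYTES = 32
CRHBYTES = 64


def shake256_xof(data: bytes, outlen: int) -> bytes:
    """SHAKE-256 used as an extendable-output function: absorb `data`,
    squeeze `outlen` bytes. This plays the role of H() in the specification."""
    return hashlib.shake_256(data).digest(outlen)


def expand_keygen_seed(zeta: bytes) -> tuple:
    """KeyGen step (rho, rho', K) := H(zeta): one 32-byte master seed zeta,
    which must come from a true random source or a DRG.3-class generator,
    is stretched into the public matrix seed rho, the secret-vector seed rho'
    and the signing key K."""
    if len(zeta) != SEEDBYTES:
        raise ValueError("zeta must be %d bytes" % SEEDBYTES)
    buf = shake256_xof(zeta, SEEDBYTES + CRHBYTES + SEEDBYTES)
    rho = buf[:SEEDBYTES]
    rhoprime = buf[SEEDBYTES:SEEDBYTES + CRHBYTES]
    K = buf[SEEDBYTES + CRHBYTES:]
    return rho, rhoprime, K


def signing_randomness(K: bytes, mu: bytes, randomized: bool) -> bytes:
    """rho' that seeds the masking vector y inside Sign.
    Deterministic build: rho' = H(K || mu) depends only on the key and the
    message digest, so the OS RNG is never consulted at signing time.
    DILITHIUM_RANDOMIZED_SIGNING: rho' is fresh OS randomness, so two
    signatures of the same message use different masking vectors."""
    if randomized:
        return os.urandom(CRHBYTES)   # relies on the OS cryptographic API
    return shake256_xof(K + mu, CRHBYTES)


def mode_properties(K: bytes, mu: bytes) -> dict:
    """Reproducibility check of both signing modes for the same (K, mu)."""
    det_a = signing_randomness(K, mu, randomized=False)
    det_b = signing_randomness(K, mu, randomized=False)
    rnd_a = signing_randomness(K, mu, randomized=True)
    rnd_b = signing_randomness(K, mu, randomized=True)
    return {"deterministic_repeats": det_a == det_b,
            "randomized_repeats": rnd_a == rnd_b}
```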
References
NIST SP 800-90A. Recommendation for Random Number Generation Using Deterministic Random Bit Generators, June 2015.
BSI AIS 31. A Proposal for Functionality Classes for Random Number Generators, September 2022.
FIPS 197. Advanced Encryption Standard, 2001.
Katz J., Lindell Y. Introduction to Modern Cryptography: Principles and Protocols. Chapman & Hall/CRC Cryptography and Network Security Series, CRC Press, 2014.
Bellare M., Desai A., Jokipii E., Rogaway P. A concrete security treatment of symmetric encryption. FOCS, 1997.
Campagna M. Security bounds for the NIST codebook-based deterministic random bit generator. Cryptology ePrint Archive. URL: https://eprint.iacr.org/2006/379
Hoang V., Shen Y. Security Analysis of NIST CTR-DRBG. Cryptology ePrint Archive. URL: https://eprint.iacr.org/2020/619
Lyubashevsky V., Ducas L., Kiltz E. CRYSTALS-Dilithium. Technical report, NIST, 2017. URL: https://pq-crystals.org/dilithium/index.shtml
FIPS 202. SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, 2015.
Goldreich O. Foundations of Cryptography: Volume 2. Cambridge University Press, 2000. 392 p.
Bertoni G., Daemen J., Peeters M., Van Assche G. Cryptographic sponge functions. URL: https://keccak.team/files/CSF-0.1.pdf
Sponge-based pseudo-random number generators. CHES 2010 (S. Mangard and F.-X. Standaert, eds.), Lecture Notes in Computer Science, vol. 6225, Springer, 2010, pp. 33–47.
Gorbenko I. D., Gorbenko Yu. I. Прикладна криптологія. Теорія. Практика. Застосування [Applied Cryptology. Theory. Practice. Application]: monograph. Kharkiv: Fort, 2012. 880 p.
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).