Template Attack against First-Order and Second-Order Masked Dilithium Implementation

This dataset is used to perform the first template attack (TA) targeting the NTT-domain polynomial matrix-vector multiplication $\mathbf{\hat{W}}_i=\mathbf{\hat{A}}\mathbf{\hat{y}}_i$, a previously unexplored leakage source in masked Dilithium, to recover the private key $\mathbf{s}_1$ of first-order and second-order masked Dilithium implementations.Please note that the entire power traces dataset for first-order and second-order masked Dilithium implementations is of significant size, around 600G. Therefore, we have only documented the points of interest (POI) extraction process for the first NTT-domain coefficient in folder 0. PPC.Within folders 1. First Order and 2. Second Order, the power traces are organized as POI, and the Mahalanobis distance based Template attack (MD-based TA) against the first/second masked implementations is employed to recover the private key.In the near future, we aim to optimize the data collection methodology and make the entire dataset publicly accessible.

本数据集用于开展针对数论变换（Number Theoretic Transform，NTT）域多项式矩阵-向量乘法 $mathbf{hat{W}}_i=mathbf{hat{A}}mathbf{hat{y}}_i$ 的首次模板攻击（Template Attack, TA），该运算此前在掩码Dilithium中尚未被发掘为泄漏源，旨在还原一阶与二阶掩码Dilithium实现的私钥 $mathbf{s}_1$。 请注意，一阶与二阶掩码Dilithium实现的完整功率迹数据集体量庞大，约为600GB。因此我们仅在文件夹0.PPC中记录了首个NTT域系数的兴趣点（Points of Interest, POI）提取流程。 在文件夹1.First Order（一阶）与2.Second Order（二阶）中，功率迹已按兴趣点进行组织，且本数据集采用针对一阶/二阶掩码实现的基于马哈拉诺比斯距离的模板攻击（Mahalanobis distance based Template Attack, MD-based TA）来还原私钥。 未来我们计划优化数据采集方法，并将完整数据集对外公开。