Falcon Down: Breaking the Falcon Post-Quantum Signature Scheme through Side-Channel Attacks
Time: Wednesday, December 8th, 1:30pm - 1:52pm PST
Hardware Security: Attack and Defense
Description: This paper proposes the first side-channel attack on Falcon, a NIST Round-3 finalist for the post-quantum digital signature algorithm. We demonstrate that a chosen- or known-plaintext attack with electromagnetic measurements of the device allows extracting the secret signing keys. The adversary can then use these keys to forge signatures on arbitrary messages. The proposed attack targets the unique floating-point multiplications of the Fast Fourier Transform in Falcon with a novel extend-and-prune strategy that extracts the sign-bit, mantissa, and exponent variables without any errors. The extracted floating-point values are then mapped back to the secret key's coefficients.