Paper 2025/351

Thorough Power Analysis on Falcon Gaussian Samplers and Practical Countermeasure

Xiuhan Lin, Shandong University
Shiduo Zhang, Tsinghua University
Yang Yu, Tsinghua University
Weijia Wang, Shandong University
Qidi You, State Key Laboratory of Space-Ground Integrated Information Technology
Ximing Xu, China Mobile Internet
Xiaoyun Wang, Tsinghua University
Abstract

Falcon is one of the post-quantum signature schemes selected by NIST for standardization. With deployment underway, the security of its implementations is of great importance. In this work, we focus on the side-channel security of Falcon, and our contributions are threefold. First, by exploiting the symplecticity of NTRU and a recent decoding technique, we dramatically improve key recovery from power leakages within Falcon's Gaussian samplers. Compared to the state of the art (Zhang, Lin, Yu and Wang, EUROCRYPT 2023), the number of traces required by our attack for a full key recovery is reduced by at least 85%. Secondly, we present a complete power analysis of two exposed power leakages within Falcon's integer Gaussian sampler. We identify new sources of these leakages, not identified by previous works, and conduct detailed security evaluations of the reference implementation of Falcon on ChipWhisperer. Thirdly, we propose effective and easy-to-implement countermeasures against both leakages that protect the whole of Falcon's integer Gaussian sampler. With our countermeasures in place, we provide security evaluations on ChipWhisperer and report the performance of the protected implementation. Experimental results highlight that our countermeasures admit a practical trade-off between efficiency and side-channel security.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published by the IACR in PKC 2025
Keywords
Lattice-Based Cryptography, Side-Channel Analysis, Falcon Signature Scheme, Gaussian Sampler, NTRU
Contact author(s)
xhlin @ mail sdu edu cn
zsd @ mail tsinghua edu cn
yu-yang @ mail tsinghua edu cn
wjwang @ sdu edu cn
youqd @ spacestar com cn
xuximing @ chinamobile com
xiaoyunwang @ tsinghua edu cn
History
2025-02-25: approved
2025-02-25: received
Short URL
https://ia.cr/2025/351
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/351,
      author = {Xiuhan Lin and Shiduo Zhang and Yang Yu and Weijia Wang and Qidi You and Ximing Xu and Xiaoyun Wang},
      title = {Thorough Power Analysis on Falcon Gaussian Samplers and Practical Countermeasure},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/351},
      year = {2025},
      url = {https://eprint.iacr.org/2025/351}
}