Loop-Abort Faults on Lattice-Based Signature Schemes and Key Exchange Protocols

Although postquantum cryptography is of growing practical concern, not many works have been devoted to implementation security issues related to postquantum schemes. In this paper, we look in particular at fault attacks against implementations of lattice-based signatures and key exchange protocols....

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on computers 2018-11, Vol.67 (11), p.1535-1549
Main Authors: Espitau, Thomas, Fouque, Pierre-Alain, Gerard, Benoit, Tibouchi, Mehdi
Format: Article
Language:English
Subjects:
Cryptography
Digital signatures
Exchanging
Fault attacks
Hardware
Lattices
postquantum cryptography
Private networks
Protocols
Signatures
Software
Storage area networks
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Although postquantum cryptography is of growing practical concern, not many works have been devoted to implementation security issues related to postquantum schemes. In this paper, we look in particular at fault attacks against implementations of lattice-based signatures and key exchange protocols. For signature schemes, we are interested both in Fiat-Shamir type constructions (particularly BLISS, but also GLP, PASSSign, and Ring-TESLA) and in hash-and-sign schemes (particularly the GPV-based scheme of Ducas-Prest-Lyubashevsky). For key exchange protocols, we study the implementations of NewHope, Frodo, and Kyber. These schemes form a representative sample of modern, practical lattice-based signatures and key exchange protocols, and achieve a high level of efficiency in both software and hardware. We present several fault attacks against those schemes that recover the entire key recovery with only a few faulty executions (sometimes only one), show that those attacks can be mounted in practice based on concrete experiments in hardware, and discuss possible countermeasures against them.
ISSN:0018-9340
1557-9956
DOI:10.1109/TC.2018.2833119