Loading…
Loop-Abort Faults on Lattice-Based Signature Schemes and Key Exchange Protocols
Although postquantum cryptography is of growing practical concern, not many works have been devoted to implementation security issues related to postquantum schemes. In this paper, we look in particular at fault attacks against implementations of lattice-based signatures and key exchange protocols....
Saved in:
| Published in: | IEEE transactions on computers 2018-11, Vol.67 (11), p.1535-1549 |
|---|---|
| Main Authors: | , , , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | |
|---|---|
| cites | |
| container_end_page | 1549 |
| container_issue | 11 |
| container_start_page | 1535 |
| container_title | IEEE transactions on computers |
| container_volume | 67 |
| creator | Espitau, Thomas Fouque, Pierre-Alain Gerard, Benoit Tibouchi, Mehdi |
| description | Although postquantum cryptography is of growing practical concern, not many works have been devoted to implementation security issues related to postquantum schemes. In this paper, we look in particular at fault attacks against implementations of lattice-based signatures and key exchange protocols. For signature schemes, we are interested both in Fiat-Shamir type constructions (particularly BLISS, but also GLP, PASSSign, and Ring-TESLA) and in hash-and-sign schemes (particularly the GPV-based scheme of Ducas-Prest-Lyubashevsky). For key exchange protocols, we study the implementations of NewHope, Frodo, and Kyber. These schemes form a representative sample of modern, practical lattice-based signatures and key exchange protocols, and achieve a high level of efficiency in both software and hardware. We present several fault attacks against those schemes that recover the entire key recovery with only a few faulty executions (sometimes only one), show that those attacks can be mounted in practice based on concrete experiments in hardware, and discuss possible countermeasures against them. |
| doi_str_mv | 10.1109/TC.2018.2833119 |
| format | article |
| fullrecord | <record><control><sourceid>proquest_ieee_</sourceid><recordid>TN_cdi_ieee_primary_8354897</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>8354897</ieee_id><sourcerecordid>2117182736</sourcerecordid><originalsourceid>FETCH-LOGICAL-i203t-3cd1ec40e252e41a315d59401d6b2462f687646122a2c6aea5198f18698a9adc3</originalsourceid><addsrcrecordid>eNotjcFOAjEURRujiYiuXbhp4rrY10477RIJqHESTMD1pHQeMASm2HYS-XtJcHUW9-QeQh6BjwC4fVlORoKDGQkjJYC9IgNQqmTWKn1NBvw8MSsLfkvuUtpxzrXgdkDmVQhHNl6FmOnM9fucaOho5XJuPbJXl7Chi3bTudxHpAu_xQMm6rqGfuKJTn_91nUbpF8x5ODDPt2Tm7XbJ3z455B8z6bLyTur5m8fk3HFWsFlZtI3gL7gKJTAApwE1ShbcGj0ShRarLUpdaFBCCe8dugUWLMGo61x1jVeDsnz5fcYw0-PKde70MfunKwFQAlGlFKfraeL1SJifYztwcVTbaQqjC3lHxFLV-M</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2117182736</pqid></control><display><type>article</type><title>Loop-Abort Faults on Lattice-Based Signature Schemes and Key Exchange Protocols</title><source>IEEE Electronic Library (IEL) Journals</source><creator>Espitau, Thomas ; Fouque, Pierre-Alain ; Gerard, Benoit ; Tibouchi, Mehdi</creator><creatorcontrib>Espitau, Thomas ; Fouque, Pierre-Alain ; Gerard, Benoit ; Tibouchi, Mehdi</creatorcontrib><description>Although postquantum cryptography is of growing practical concern, not many works have been devoted to implementation security issues related to postquantum schemes. In this paper, we look in particular at fault attacks against implementations of lattice-based signatures and key exchange protocols. For signature schemes, we are interested both in Fiat-Shamir type constructions (particularly BLISS, but also GLP, PASSSign, and Ring-TESLA) and in hash-and-sign schemes (particularly the GPV-based scheme of Ducas-Prest-Lyubashevsky). For key exchange protocols, we study the implementations of NewHope, Frodo, and Kyber. These schemes form a representative sample of modern, practical lattice-based signatures and key exchange protocols, and achieve a high level of efficiency in both software and hardware. We present several fault attacks against those schemes that recover the entire key recovery with only a few faulty executions (sometimes only one), show that those attacks can be mounted in practice based on concrete experiments in hardware, and discuss possible countermeasures against them.</description><identifier>ISSN: 0018-9340</identifier><identifier>EISSN: 1557-9956</identifier><identifier>DOI: 10.1109/TC.2018.2833119</identifier><identifier>CODEN: ITCOB4</identifier><language>eng</language><publisher>New York: IEEE</publisher><subject>Cryptography ; Digital signatures ; Exchanging ; Fault attacks ; Hardware ; Lattices ; postquantum cryptography ; Private networks ; Protocols ; Signatures ; Software ; Storage area networks</subject><ispartof>IEEE transactions on computers, 2018-11, Vol.67 (11), p.1535-1549</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2018</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><orcidid>0000-0002-7655-9594 ; 0000-0002-0598-2387 ; 0000-0002-2736-2963</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/8354897$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>315,786,790,27957,27958,55147</link.rule.ids></links><search><creatorcontrib>Espitau, Thomas</creatorcontrib><creatorcontrib>Fouque, Pierre-Alain</creatorcontrib><creatorcontrib>Gerard, Benoit</creatorcontrib><creatorcontrib>Tibouchi, Mehdi</creatorcontrib><title>Loop-Abort Faults on Lattice-Based Signature Schemes and Key Exchange Protocols</title><title>IEEE transactions on computers</title><addtitle>TC</addtitle><description>Although postquantum cryptography is of growing practical concern, not many works have been devoted to implementation security issues related to postquantum schemes. In this paper, we look in particular at fault attacks against implementations of lattice-based signatures and key exchange protocols. For signature schemes, we are interested both in Fiat-Shamir type constructions (particularly BLISS, but also GLP, PASSSign, and Ring-TESLA) and in hash-and-sign schemes (particularly the GPV-based scheme of Ducas-Prest-Lyubashevsky). For key exchange protocols, we study the implementations of NewHope, Frodo, and Kyber. These schemes form a representative sample of modern, practical lattice-based signatures and key exchange protocols, and achieve a high level of efficiency in both software and hardware. We present several fault attacks against those schemes that recover the entire key recovery with only a few faulty executions (sometimes only one), show that those attacks can be mounted in practice based on concrete experiments in hardware, and discuss possible countermeasures against them.</description><subject>Cryptography</subject><subject>Digital signatures</subject><subject>Exchanging</subject><subject>Fault attacks</subject><subject>Hardware</subject><subject>Lattices</subject><subject>postquantum cryptography</subject><subject>Private networks</subject><subject>Protocols</subject><subject>Signatures</subject><subject>Software</subject><subject>Storage area networks</subject><issn>0018-9340</issn><issn>1557-9956</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2018</creationdate><recordtype>article</recordtype><recordid>eNotjcFOAjEURRujiYiuXbhp4rrY10477RIJqHESTMD1pHQeMASm2HYS-XtJcHUW9-QeQh6BjwC4fVlORoKDGQkjJYC9IgNQqmTWKn1NBvw8MSsLfkvuUtpxzrXgdkDmVQhHNl6FmOnM9fucaOho5XJuPbJXl7Chi3bTudxHpAu_xQMm6rqGfuKJTn_91nUbpF8x5ODDPt2Tm7XbJ3z455B8z6bLyTur5m8fk3HFWsFlZtI3gL7gKJTAApwE1ShbcGj0ShRarLUpdaFBCCe8dugUWLMGo61x1jVeDsnz5fcYw0-PKde70MfunKwFQAlGlFKfraeL1SJifYztwcVTbaQqjC3lHxFLV-M</recordid><startdate>20181101</startdate><enddate>20181101</enddate><creator>Espitau, Thomas</creator><creator>Fouque, Pierre-Alain</creator><creator>Gerard, Benoit</creator><creator>Tibouchi, Mehdi</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0002-7655-9594</orcidid><orcidid>https://orcid.org/0000-0002-0598-2387</orcidid><orcidid>https://orcid.org/0000-0002-2736-2963</orcidid></search><sort><creationdate>20181101</creationdate><title>Loop-Abort Faults on Lattice-Based Signature Schemes and Key Exchange Protocols</title><author>Espitau, Thomas ; Fouque, Pierre-Alain ; Gerard, Benoit ; Tibouchi, Mehdi</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i203t-3cd1ec40e252e41a315d59401d6b2462f687646122a2c6aea5198f18698a9adc3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2018</creationdate><topic>Cryptography</topic><topic>Digital signatures</topic><topic>Exchanging</topic><topic>Fault attacks</topic><topic>Hardware</topic><topic>Lattices</topic><topic>postquantum cryptography</topic><topic>Private networks</topic><topic>Protocols</topic><topic>Signatures</topic><topic>Software</topic><topic>Storage area networks</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Espitau, Thomas</creatorcontrib><creatorcontrib>Fouque, Pierre-Alain</creatorcontrib><creatorcontrib>Gerard, Benoit</creatorcontrib><creatorcontrib>Tibouchi, Mehdi</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Xplore</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEEE transactions on computers</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Espitau, Thomas</au><au>Fouque, Pierre-Alain</au><au>Gerard, Benoit</au><au>Tibouchi, Mehdi</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Loop-Abort Faults on Lattice-Based Signature Schemes and Key Exchange Protocols</atitle><jtitle>IEEE transactions on computers</jtitle><stitle>TC</stitle><date>2018-11-01</date><risdate>2018</risdate><volume>67</volume><issue>11</issue><spage>1535</spage><epage>1549</epage><pages>1535-1549</pages><issn>0018-9340</issn><eissn>1557-9956</eissn><coden>ITCOB4</coden><abstract>Although postquantum cryptography is of growing practical concern, not many works have been devoted to implementation security issues related to postquantum schemes. In this paper, we look in particular at fault attacks against implementations of lattice-based signatures and key exchange protocols. For signature schemes, we are interested both in Fiat-Shamir type constructions (particularly BLISS, but also GLP, PASSSign, and Ring-TESLA) and in hash-and-sign schemes (particularly the GPV-based scheme of Ducas-Prest-Lyubashevsky). For key exchange protocols, we study the implementations of NewHope, Frodo, and Kyber. These schemes form a representative sample of modern, practical lattice-based signatures and key exchange protocols, and achieve a high level of efficiency in both software and hardware. We present several fault attacks against those schemes that recover the entire key recovery with only a few faulty executions (sometimes only one), show that those attacks can be mounted in practice based on concrete experiments in hardware, and discuss possible countermeasures against them.</abstract><cop>New York</cop><pub>IEEE</pub><doi>10.1109/TC.2018.2833119</doi><tpages>15</tpages><orcidid>https://orcid.org/0000-0002-7655-9594</orcidid><orcidid>https://orcid.org/0000-0002-0598-2387</orcidid><orcidid>https://orcid.org/0000-0002-2736-2963</orcidid></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0018-9340 |
| ispartof | IEEE transactions on computers, 2018-11, Vol.67 (11), p.1535-1549 |
| issn | 0018-9340 1557-9956 |
| language | eng |
| recordid | cdi_ieee_primary_8354897 |
| source | IEEE Electronic Library (IEL) Journals |
| subjects | Cryptography Digital signatures Exchanging Fault attacks Hardware Lattices postquantum cryptography Private networks Protocols Signatures Software Storage area networks |
| title | Loop-Abort Faults on Lattice-Based Signature Schemes and Key Exchange Protocols |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-09-23T00%3A25%3A13IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Loop-Abort%20Faults%20on%20Lattice-Based%20Signature%20Schemes%20and%20Key%20Exchange%20Protocols&rft.jtitle=IEEE%20transactions%20on%20computers&rft.au=Espitau,%20Thomas&rft.date=2018-11-01&rft.volume=67&rft.issue=11&rft.spage=1535&rft.epage=1549&rft.pages=1535-1549&rft.issn=0018-9340&rft.eissn=1557-9956&rft.coden=ITCOB4&rft_id=info:doi/10.1109/TC.2018.2833119&rft_dat=%3Cproquest_ieee_%3E2117182736%3C/proquest_ieee_%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i203t-3cd1ec40e252e41a315d59401d6b2462f687646122a2c6aea5198f18698a9adc3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2117182736&rft_id=info:pmid/&rft_ieee_id=8354897&rfr_iscdi=true |