Luyao Xu,Zhengyi Dai,Baofeng Wu,Dongdai Lin

DOI: https://doi.org/10.46586/tches.v2023.i2.568-586

2023-01-01

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Lattice reduction algorithms have been proved to be one of the most powerful and versatile tools in public key cryptanalysis. In this work, we primarily concentrate on lattice attacks against (EC)DSA with nonce leakage via some sidechannel analysis. Previous works relying on lattice reduction algorithms such as LLL and BKZ will finally lead to the “lattice barrier”: lattice algorithms become infeasible when only fewer nonce is known. Recently, Albrecht and Heninger introduced lattice algorithms augmented with a predicate and broke the lattice barrier (Eurocrypt 2021). We improve their work in several aspects. We first propose a more efficient predicate algorithm which aims to search for the target lattice vector in a large database. Then, we combine sieving with predicate algorithm with the “dimensions for free” and “progressive sieving” techniques to further improve the performance of our attacks. Furthermore, we give a theoretic analysis on how to choose the optimal Kannan embedding factor. As a result, our algorithm outperforms the state-of-the-art lattice attacks for existing records such as 3-bit nonce leakage for a 256-bit curve and 2-bit nonce leakage for a 160-bit curve in terms of running time, sample numbers and success probability. We also break the lattice records on the 384-bit curve with 3-bit nonce leakage and the 256-bit curve with 2-bit nonce leakage which are thought infeasible previously. Finally, we give the first lattice attack against ECDSA with a single-bit nonce leakage, which enables us to break a 112-bit curve with 1-bit nonce leakage in practical time.

Kaiyu Zhang,Sen Xu,Dawu Gu,Haihua Gu,Junrong Liu,Zheng Guo,Ruitong Liu,Liang Liu,Xiaobo Hui

DOI: https://doi.org/10.1109/cis.2017.00061

2017-01-01

Abstract:Power analysis against elliptic curve digital signature algorithm (ECDSA) has been researched for many years. Nowadays traditional methods like simple power analysis (SPA) or differential power analysis (DPA) are no longer effective against secure ECDSA implementations. In this situation, Howgrave-Graham and Smart introduced a new lattice-based attack to recover the secret key of Digital Signature Algorithm (DSA) even if only several bits of the nonce are revealed. Later Nguyen and Shparlinski extended the attack to ECDSA. In this paper, we further extend the attack to SM2 Digital Signature Algorithm (SM2-DSA), which is a Chinese version of ECDSA. We implemented the secure SM2-DSA implementation on Atmega128 microcontroller to evaluate its security under lattice attack. We performed experiments with different parameter configuration to find optimal key-recovery strategies. We also performed the same experiments on ECDSA to show that due to the differences on scheme between the two algorithms, lattice attack on SM2-DSA is harder than on ECDSA.

Yuejun Liu,Yongbin Zhou,Shuo Sun,Tianyu Wang,Rui Zhang,Jingdian Ming

DOI: https://doi.org/10.1109/tifs.2020.3045904

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Leakages during the signing process, including partial key exposure and partial (or complete) randomness exposure, may be devastating for the security of digital signatures. In this work, we investigate the security of lattice-based Fiat-Shamir signatures in the presence of randomness leakage. To this end, we present a generic key recovery attack that relies on minimum leakage of randomness, and then theoretically connect it to a variant of Integer-LWE (ILWE) problem. The ILWE problem, introduced by Bootle et al. at Asiacrypt 2018, is to recover the secret vector s given polynomially many samples of the form $({text{a}}, langle {text{a}}, {text{s}} rangle + text {e}) in mathbb {Z}^{text {n}+1}$ , and it is solvable if the error $text {e} in mathbb {Z}$ is not superpolynomially larger than the inner product $langle {text{a}}, {text{s}} rangle $ . However, in our variant (we call the variant FS-ILWE problem in this paper), ${text{a}}in mathbb {Z}^{text {n}}$ is a sparse vector whose coefficients are NOT independent any more, and e is related to a and s as well. We prove that the FS-ILWE problem can be solved in polynomial time, and present an efficient algorithm to solve it. Our generic key recovery method directly implies that many lattice-based Fiat-Shamir signatures will be totally broken with one (deterministic or probabilistic) bit of randomness leakage per signature. Our attack has been validated by experiments on two NIST PQC signatures Dilithium and qTESLA. For example, as to Dilithium-III of 125-bit quantum security, the secret key will be recovered within 10 seconds over an ordinary PC desktop, with about one million signatures. Similar-y, key recovery attacks on Dilithium under other parameters and qTESLA will be completed within 20 seconds and 31 minutes respectively. In addition, we also present a non-profiled attack to show how to obtain the required randomness bit in practice through power analysis attacks on a proof-of-concept implementation of polynomial addition. The experimental results confirm the practical feasibility of our method.

computer science, theory & methods,engineering, electrical & electronic

Ping Zhou,Tao Wang,Fan Zhang,Xinjie Zhao

DOI: https://doi.org/10.13245/j.hust.180305

2018-01-01

Abstract:Previous flush-reload cache attacks cannot be directly adopted to SM2 digital signature algorithm.In this paper,an improved method for selecting the monitored address in flush-reload cache attacks on SM2 was proposed.By taking advantage of multiple cache accesses caused by function callings, the cache lines which contain call instructions were selected to be the monitored addresses in order to increase the accuracy.The experimental results show that the proposed method makes the flush-reload attack on SM2 feasible and effective.The 256 bit scalark can be recovered with a bit errors rate as only 1.09％ by the side channel information of a single signing.The full private key can be recovered with a success rate as 59％ through 64 times exhaustive research.

Fan Zhang,Zhijie Jerry Shi

DOI: https://doi.org/10.1109/ITNG.2008.183

2008-01-01

Abstract:Elliptic curve cryptography (ECC) has been adopted in many systems because it requires shorter keys than traditional public-key algorithms in primary fields. However, power analysis attacks can exploit the power consumption of ECC devices to retrieve secret keys. In this paper, we propose an efficient window-based countermeasure that is secure against existing power analysis attacks. Compared to previous counter- measures, our method has low memory overhead, requiring only a table of w+1 entries when the window size is w bits. It also has better performance than many algorithms that perform one point addition or subtraction for every bit in the scalar.

Zhenbin Zhang,Liji Wu,Zhaoli Mu,Xiangmin Zhang

DOI: https://doi.org/10.1109/CIS.2014.66

2014-01-01

Abstract:Template attack is more powerful than SPA and CPA in some situations. In this paper, a novel template attack named DTTA is proposed to attack the wNAF algorithm of ECC. SM2 is the Chinese public key cryptosystem standard issued in 2010. Few results of side channel attack on SM2 have been found so far. We exploit the Riscure platform to analyze decryption of SM2 in a smart IC card. We also compare 3 kinds of method which used in template matching phase. Experiment results show that template matching method of multivariate normal distribution is superior to correlation method or LSM. The maximum success rate of template matching can be 88%. That means a 256-bit private key of SM2 can be recovered 225 bits by only acquiring one measurement of SM2 decryption in average. Some general countermeasures is not safe enough for DTTA. Defensive strategy should exploit the combination of multiple countermeasures to resist DTTA.

Ping Zhou,Tao Wang,Xiaoxuan Lou,Xinjie Zhao,Fan Zhang,Shize Guo

DOI: https://doi.org/10.1007/s11432-017-9108-3

2017-01-01

Science China Information Sciences

Abstract:Dear editor, Cache timing attack is a very powerful side channel attack technique to break cryptographic implementations.Recently,Flush-Reload,a new type of cache attacks,was proposed to attack cryptographic implementations on multi-core platforms.It utilizes a spy processes S to monitor the victim process V which shares the same memory pages.S flushes the specific memory lines of V,evicts data from all levels of caches,and then reloads these memory lines into cache.The corresponding loading time can be measured,therefore the victim's accesses to the specific instructions can be monitored.

Daniel Heinz,Thomas Popelmann

DOI: https://doi.org/10.1109/tc.2022.3197073

IF: 3.183

2023-03-15

IEEE Transactions on Computers

Abstract:The progress on constructing quantum computers and the ongoing standardization of post-quantum cryptography (PQC) have led to the development and refinement of promising new digital signature schemes and key encapsulation mechanisms (KEM). Especially lattice-based schemes have gained some popularity in the research community, presumably due to acceptable key, ciphertext, and signature sizes as well as good performance results and cryptographic strength. However, in some practical applications like smart cards, it is also crucial to secure cryptographic implementations against side-channel and fault attacks. In this work, we analyze the so-called redundant number representation (RNR) that can be used to counter side-channel attacks. We show how to avoid security issues with the RNR due to unexpected de-randomization and we apply it to the Kyber KEM and show that the RNR has a very low overhead. We then verify the RNR methodology by practical experiments, using the non-specific t-test methodology and the ChipWhisperer platform. Furthermore, we present a novel countermeasure against fault attacks based on the Chinese remainder theorem (CRT). On an ARM Cortex-M4, our implementation of the RNR and fault countermeasure offers better performance than masking and redundant calculation. Our methods thus have the potential to expand the toolbox of a defender implementing lattice-based cryptography with protection against two common physical attacks.

engineering, electrical & electronic,computer science, hardware & architecture

Liang Dong,Hongxin Zhang,Lei Zhu,Shaofei Sun,Han Gan,Fan Zhang

DOI: https://doi.org/10.1109/access.2019.2901753

IF: 3.9

2019-01-01

IEEE Access

Abstract:This paper presents an optimal method for recovering the secret keys of the light encryption device (LED) by combining the impossible differential fault attack with the algebraic differential fault attack. The proposed optimal method effectively improves the performance of fault attacks. A fault attack model, named the redundant random nibble fault model (RRNFM), is proposed to simulate a multiple fault injection in a real-world environment. Using the optimal method and the RRNFM, the 64-bit secret key of LED can be recovered by injecting no more than six faults in 1300 experiments. We establish an equation of inverse proportionality between the number of faults injected and the remaining amount of the secret key. Using the equation, the number of fault injection can be accurately predicted, providing an effective way of evaluating fault attacks.

Jianhua Yan,Xiuhua Lu,Muzi Li,Licheng Wang,Jingxian Zhou,Wenbin Yao

DOI: https://doi.org/10.3390/e25121651

2023-12-13

Abstract:Based on the NTRU trapdoor used in NIST's Falcon, a signcryption scheme following the sign-then-encrypt paradigm is constructed. The existing partitioning technique based on Waters hash over the lattice can not complete the security reduction in the standard model for the signature part due to the "partiality" of the pre-image generated with the NTRU trapdoor. To address this, a variant of Waters hash over small integers is proposed and, the probability of the successful reduction is analyzed. The resulting signcryption achieves existential unforgeability under the adaptive chosen-message attacks. By utilizing the uniqueness of the secret and the noise in an NTRU instance, the tag used in encryption is eliminated. Furthermore, a method to construct tamper-sensitive lattice public key encryption is proposed. This approach implants the ciphertext-sensitive information into the lattice public key encryption and binds it to the encrypted information. The malleability to the public key ciphertext triggers the change of the message-signature pair so that the IND-CCA2 security of the entire ciphertext can be guaranteed by the signature for the message. Thanks to the rational design and the efficiency of the NTRU trapdoor, the computational overhead of the proposed scheme is reduced significantly compared to the existing lattice-based signcryption scheme, reaching orders of magnitude improvement in efficiency. The experiment shows that the proposed scheme is efficient.

Prasanna Ravi,Bolin Yang,Shivam Bhasin,Fan Zhang,Anupam Chattopadhyay

DOI: https://doi.org/10.46586/tches.v2023.i2.447-481

2023-01-01

Abstract:In this work, we present the first fault injection analysis of the Number Theoretic Transform (NTT). The NTT is an integral computation unit, widely used for polynomial multiplication in several structured lattice-based key encapsulation mechanisms (KEMs) and digital signature schemes. We identify a critical single fault vulnerability in the NTT, which severely reduces the entropy of its output. This in turn enables us to perform a wide-range of attacks applicable to lattice-based KEMs as well as signature schemes. In particular, we demonstrate novel key recovery and message recovery attacks targeting the key generation and encryption procedure of Kyber KEM. We also propose novel existential forgery attacks targeting deterministic and probabilistic signing procedure of Dilithium, followed by a novel verification bypass attack targeting its verification procedure. All proposed exploits are demonstrated with high success rate using electromagnetic fault injection on optimized implementations of Kyber and Dilithium, from the open-source pqm4 library on the ARM Cortex-M4 microcontroller. We also demonstrate that our proposed attacks are capable of bypassing concrete countermeasures against existing fault attacks on lattice-based KEMs and signature schemes. We believe our work motivates the need for more research towards development of countermeasures for the NTT against fault injection attacks.

Qianmei Wu,Fan Zhang,Shize Guo,Kun Yang,Haoting Shen

DOI: https://doi.org/10.1109/tc.2024.3416682

IF: 3.183

2024-01-01

IEEE Transactions on Computers

Abstract:As a common defense against side-channel attacks, random delay insertion introduces noise into the executive flow of encryption, which increases attack complexity. Accordingly, various techniques are exploited to mitigate the defense effect of such insertions. As an advanced mathematical technique, wavelet analysis is considered to be a more effective technology according to its detailed and comprehensive interpretation of signals. In this paper, we propose a unified and fully automated wavelet-based attack framework (denoted as UWAF), whose data processing is kept within one unified wavelet domain, with three enhanced components: denoising, alignment and key extraction. We put forward a new idea of combining machine learning with wavelet analysis to realize the full automation of the program for attack framework, rendering it possible to search exhaustively for the optimal combination of parameter settings in wavelet transform. Our proposal finds a new setting of wavelet parameters that have not been exploited ever before and achieves the performance enhancement for about 20 times fewer traces required for successful key recovery. UWAF is compared with several mainstream attack frameworks. Experimental results show that it outperforms those counterparts, and can be considered as an effective framework-level solution to defeat the countermeasure of random delay insertion.

Zhuang Xu,Owen Pemberton,Sujoy Sinha Roy,David Oswald,Wang Yao,Zhiming Zheng,Owen Michael Pemberton

DOI: https://doi.org/10.1109/tc.2021.3122997

IF: 3.183

2022-01-01

IEEE Transactions on Computers

Abstract:Lattice-based cryptography, as an active branch of post-quantum cryptography (PQC), has drawn great attention from side-channel analysis researchers in recent years. Despite the various side-channel targets examined in previous studies, detail on revealing the secret-dependent information efficiently is less studied. In this paper, we propose adaptive EM side-channel attacks with carefully constructed ciphertexts on Kyber, which is a finalist of NIST PQC standardization project. We demonstrate that specially chosen ciphertexts allow an adversary to modulate the leakage of a target device and enable full key extraction with a small number of traces through simple power analysis. Compared to prior research, our techniques require fewer traces and avoid building complex templates. We practically evaluate our methods using both a reference implementation and the ARM-specific implementation in pqm4 library. For the reference implementation, we target the leakage of the output of the inverse NTT computation and recover the full key with only four traces. For the pqm4 implementation, we develop a message-recovery attack that leads to extraction of the full secret key with between eight and 960 traces, depending on the compiler optimization level. We discuss the relevance of our findings to other lattice-based schemes and explore potential countermeasures.

engineering, electrical & electronic,computer science, hardware & architecture

Emily Wenger,Eshika Saxena,Mohamed Malhou,Ellie Thieu,Kristin Lauter

2024-10-10

Abstract:Lattice cryptography schemes based on the learning with errors (LWE) hardness assumption have been standardized by NIST for use as post-quantum cryptosystems, and by <a class="link-external link-http" href="http://HomomorphicEncryption.org" rel="external noopener nofollow">this http URL</a> for encrypted compute on sensitive data. Thus, understanding their concrete security is critical. Most work on LWE security focuses on theoretical estimates of attack performance, which is important but may overlook attack nuances arising in real-world implementations. The sole existing concrete benchmarking effort, the Darmstadt Lattice Challenge, does not include benchmarks relevant to the standardized LWE parameter choices - such as small secret and small error distributions, and Ring-LWE (RLWE) and Module-LWE (MLWE) variants. To improve our understanding of concrete LWE security, we provide the first benchmarks for LWE secret recovery on standardized parameters, for small and low-weight (sparse) secrets. We evaluate four LWE attacks in these settings to serve as a baseline: the Search-LWE attacks uSVP, SALSA, and Cool & Cruel, and the Decision-LWE attack: Dual Hybrid Meet-in-the-Middle (MitM). We extend the SALSA and Cool & Cruel attacks in significant ways, and implement and scale up MitM attacks for the first time. For example, we recover hamming weight $9-11$ binomial secrets for KYBER ($\kappa=2$) parameters in $28-36$ hours with SALSA and Cool\&Cruel, while we find that MitM can solve Decision-LWE instances for hamming weights up to $4$ in under an hour for Kyber parameters, while uSVP attacks do not recover any secrets after running for more than $1100$ hours. We also compare concrete performance against theoretical estimates. Finally, we open source the code to enable future research.

Cryptography and Security

Yang Yu,Huiwen Jia,Xiaoyun Wang

2023-05-21

Abstract:This work aims to improve the practicality of gadget-based cryptosystems, with a focus on hash-and-sign signatures. To this end, we develop a compact gadget framework in which the used gadget is a square matrix instead of the short and fat one used in previous constructions. To work with this compact gadget, we devise a specialized gadget sampler, called semi-random sampler, to compute the approximate preimage. It first deterministically computes the error and then randomly samples the preimage. We show that for uniformly random targets, the preimage and error distributions are simulatable without knowing the trapdoor. This ensures the security of the signature applications. Compared to the Gaussian-distributed errors in previous algorithms, the deterministic errors have a smaller size, which lead to a substantial gain in security and enables a practically working instantiation. As the applications, we present two practically efficient gadget-based signature schemes based on NTRU and Ring-LWE respectively. The NTRU-based scheme offers comparable efficiency to Falcon and Mitaka and a simple implementation without the need of generating the NTRU trapdoor. The LWE-based scheme also achieves a desirable overall performance. It not only greatly outperforms the state-of-the-art LWE-based hash-and-sign signatures, but also has an even smaller size than the LWE-based Fiat-Shamir signature scheme Dilithium. These results fill the long-term gap in practical gadget-based signatures.

Cryptography and Security

Tao, Zhang,Mingyu, Fan,Xiaoyu, Zheng

2009-01-01

Abstract:An embedded cryptosystem needs higher reconfiguration capability and security. After analyzing the newly emerging side-channel attacks on elliptic curve cryptosystem (ECC), an efficient fractional width-w NAF (FWNAF) algorithm is proposed to secure ECC scalar multiplication from these attacks. This algorithm adopts the fractional window method and probabilistic SPA scheme to reconfigure the pre-computed table, and it allows designers to make a dynamic configuration on pre-computed table. And then, it is enhanced to resist SPA, DPA, RPA and ZPA attacks by using the random masking method. Compared with the WBRIP and EBRIP methods, our proposals has the lowest total computation cost and reduce the shake phenomenon due to sharp fluctuation on computation performance.

Amit Jana,Goutam Paul

DOI: https://doi.org/10.1007/s13389-024-00354-4

2024-05-26

Journal of Cryptographic Engineering

Abstract:This paper presents the first instance of a successful differential fault attack ( DFA ) on the nonce-based authentication scheme PHOTON-BEETLE , which was a finalist but not the winner of the NIST LwC competition. Furthermore, the paper also reveals the first differential fault attacks on several other NIST LwC schemes, including ORANGE , SIV-TEM-PHOTON , and ESTATE , which are based on sponge and SIV techniques. In general, it is a challenging task to perform DFA for any nonce-based sponge/ SIV -based AE because of a unique nonce in the encryption query. However, the decryption procedure (with a fixed nonce) is still susceptible to DFA . We propose different fault attack models, and also give theoretical estimates of the number of faulty queries to get multiple forgeries. Our simulated values corroborate closely the theoretical estimates. Finally, we devise an algorithm to recover the state based on the collected forgeries. Under the random fault attack model, to retrieve the secret key, we need approximately number of faulty queries. Also, the offline time and memory complexities of this attack are respectively and nibbles. Whereas, under the random bit fault attack model, around number of faulty queries are required to retrieve the key for PHOTON -based schemes and for AES -based scheme ESTATE . In the known fault attack model, we need around number of faulty queries to retrieve the secret key for PHOTON -based schemes and for AES -based scheme ESTATE . The time and memory complexities of the state recovery attack (for PHOTON -based schemes) are respectively and nibbles. Further, we have reduced the number of faulty queries to under the precise bit-flip fault model.

computer science, theory & methods

Alexandre Berzati,Andersson Calle Viera,Maya Chartouny,Steven Madec,Damien Vergnaud,David Vigilant

DOI: https://doi.org/10.46586/tches.v2023.i4.188-210

2023-08-31

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:This paper presents a new profiling side-channel attack on CRYSTALSDilithium, the new NIST primary standard for quantum-safe digital signatures. An open source implementation of CRYSTALS-Dilithium is already available, with constant-time property as a consideration for side-channel resilience. However, this implementation does not protect against attacks that exploit intermediate data leakage. We show how to exploit a new leakage on a vector generated during the signing process, for which the costly protection by masking is still a matter of debate. With a corpus of 700 000 messages, we design a template attack that enables us to efficiently predict whether a given coefficient in one coordinate of this vector is zero or not. By gathering signatures and being able to make the correct predictions for each index, and then using linear algebra methods, this paper demonstrates that one can recover part of the secret key that is sufficient to produce universal forgeries. While our paper deeply discusses the theoretical attack path, it also demonstrates the validity of the assumption regarding the required leakage model from practical experiments with the reference implementation on an ARM Cortex-M4. We need approximately a day to collect enough representatives and one more day to perform the traces acquisition on our target.

Hongfei Zhu,Yu-an Tan,Xiaosong Zhang,Liehuang Zhu,Changyou Zhang,Jun Zheng

DOI: https://doi.org/10.1016/j.future.2017.01.031

IF: 7.307

2017-01-01

Future Generation Computer Systems

Abstract:To process rapidly growing Big Data, many organizations migrate their data and services such as e-voting and e-payment systems to the cloud. In these two systems, blind signature has become an essential cryptographic primitive since it allows the signer to sign a message without learning what he signs. Thus, it can guarantee trustworthy of Big Data. However, most blind signature schemes based on factoring and discrete logarithm problems cannot resist quantum computer attacks. The alternative blind signature schemes are based on lattice. Here, we present a round-optimal lattice-based blind signature scheme constructed on the closest vector problem using infinity norm. Firstly, our scheme is proven blind and one-more unforgeable, and is resistant to brute-force attacks, theoretical-timing attacks, and Nguyen–Regev attacks. Secondly, our scheme outperforms the RSA, the Schnorr, and the ECC blind signature schemes in terms of efficiency and security. Also, it outperforms the Rückert’s blind signature in terms of signature length, moves, and security. Finally, our scheme outperforms the Rückert’s blind signature in terms of communication and computation energy costs. Additionally, it outperforms the RSA blind signature in terms of communication energy cost.

Miaomiao Tian,Liusheng Huang

DOI: https://doi.org/10.1504/IJESDF.2013.058658

2013-01-01

Abstract:The message recovery signature scheme is a very useful signature scheme in which the verification of signature does not require appended message, because the message can be easily recovered from the signature. Although message recovery signatures based on conventional number-theoretic problems have been achieved, it is still unknown whether message recovery signature can be implemented based on lattices, which are receiving considerable attention in cryptographic community since they are resistant to quantum computer's attacks. This paper provides a positive answer to the above question by presenting two concrete lattice-based message recovery signature schemes. The two schemes make use of the efficient lattice-based signature scheme recently created by Lyubashevsky and presented at EUROCRYPT 2012. Our constructions are proved to be secure in the random oracle model under the short integer solution assumption. Compared with Lyubashevsky signature scheme, our schemes are more efficient in terms of communication overhead.