BEARZ Attack FALCON: Implementation Attacks with Countermeasures on the FALCON Signature Scheme

McCarthy, Sarah; Howe, James; Smyth, Neil; Brannigan, Séamus; O’Neill, Máire

doi:10.5220/0007834800610071

Cited by 9 publications

(7 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Besides this timing attack another team [21] created a fault attack that could also retrieve the private key, but they propose a countermeasure for this is detecting the fault attack by verifying the own signature, which can take further advantage of FALCONs fast ( 3ms) verification time.…”

Section: Falcon and Dilithiummentioning

confidence: 99%

Quantum-resistant digital signatures schemes for low-power IoT

Hattenbach

2021

Preprint

View full text Add to dashboard Cite

Quantum computers are on the horizon to get to a sufficient size that will then be able to break pretty much all the encryption and signature schemes we currently use. This is the case for human interface devices as well as for IoT nodes. In this paper i am comparing some signature schemes currently in the process of standardization by the NIST. After explaining the underlying basis on why some schemes are different in some aspects compared to others i will evaluate which currently available implementations are better suited for usage in IoT usecases. We will come to further focus on the most promising schemes FALCON and Dilithium, which differ in one signifiant aspect that makes FALCON worse for signing but very good for verification purposes.

show abstract

Section: Falcon and Dilithiummentioning

confidence: 99%

Quantum-resistant digital signatures schemes for low-power IoT

Hattenbach

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Attacks against lattice based signature schema have also been practically demonstrated using ARM Cortex-M4 as target [31]. Similar principles have been exploited to recover the key of the FALCON algorithm [32].…”

Section: Lattice-based Cryptography In Hardwarementioning

confidence: 99%

Post-Quantum Cryptography: Challenges and Opportunities for Robust and Secure HW Design

Bellizia

Mrabet

Fournaris

et al. 2021

2021 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT)

View full text Add to dashboard Cite

Post-Quantum Cryptography (PQC) will become soon the standard for many systems of the future. With the advent of quantum computers, all encrypted communications based on traditional asymmetric cryptography (e.g., RSA, ECC) will become insecure. The definition the PQC standards is an on going process proceeding at a fast pace, involving new and largely unexplored cryptographic primitives. For this reason, the design of hardware implementations of PQC algorithms is still under study. In this paper, we introduce the fundamentals of PQC, with a focus on lattice-based cryptography and its hardware security issues, namely side-channel and fault-based attacks. Then, we focus on isogeny-based cryptography and the SIKE algorithm. We highlight the importance of fault-tolerant design choices through the presentation of a fault attack, based on the electromagnetic injection of transient faults, targeting this cryptographic primitive. Finally, we show an interesting idea that starts from the observation that some PQC algorithms have an intrinsic probabilistic behavior. We argue that this characteristic is a clear opportunity that paves the way for the application of approximate (or inexact) computing to the implementation of PQC cryptography.

show abstract

“…As noted above, the side-channel security of Fiat-Shamir latticebased signature has been studied extensively, including in [7,43,14,6,4,50]. However, the only implementation attacks we are aware of against hash-and-sign schemes are fault analysis papers [15,35]: side-channel attacks have not been described so far to the best of our knowledge.…”

Section: Related Workmentioning

confidence: 99%

“…As a result, the recovery algorithm has to be combined with some pruned tree search in order to account for approximate inputs. In practice, for the larger parameters of DLP signatures (with a claimed security level of 192 bits), we manage to recover the key with good probability using 2 33 to 2 35 DLP timing traces.…”

Section: Introductionmentioning

confidence: 99%

Key Recovery from Gram–Schmidt Norm Leakage in Hash-and-Sign Signatures over NTRU Lattices

Fouque

Kirchner

Tibouchi

et al. 2020

Advances in Cryptology – EUROCRYPT 2020

View full text Add to dashboard Cite

In this paper, we initiate the study of side-channel leakage in hash-and-sign lattice-based signatures, with particular emphasis on the two efficient implementations of the original GPV lattice-trapdoor paradigm for signatures, namely NIST second-round candidate Falcon and its simpler predecessor DLP. Both of these schemes implement the GPV signature scheme over NTRU lattices, achieving great speed-ups over the general lattice case. Our results are mainly threefold.First, we identify a specific source of side-channel leakage in most implementations of those schemes, namely, the one-dimensional Gaussian sampling steps within lattice Gaussian sampling. It turns out that the implementations of these steps often leak the Gram-Schmidt norms of the secret lattice basis.Second, we elucidate the link between this leakage and the secret key, by showing that the entire secret key can be efficiently reconstructed solely from those Gram-Schmidt norms. The result makes heavy use of the algebraic structure of the corresponding schemes, which work over a power-of-two cyclotomic field.Third, we concretely demonstrate the side-channel attack against DLP (but not Falcon due to the different structures of the two schemes). The challenge is that timing information only provides an approximation of the Gram-Schmidt norms, so our algebraic recovery technique needs to be combined with pruned tree search in order to apply it to approximate values. Experimentally, we show that around 2 35 DLP traces are enough to reconstruct the entire key with good probability.

show abstract

BEARZ Attack FALCON: Implementation Attacks with Countermeasures on the FALCON Signature Scheme

Cited by 9 publications

References 0 publications

Quantum-resistant digital signatures schemes for low-power IoT

Quantum-resistant digital signatures schemes for low-power IoT

Post-Quantum Cryptography: Challenges and Opportunities for Robust and Secure HW Design

Key Recovery from Gram–Schmidt Norm Leakage in Hash-and-Sign Signatures over NTRU Lattices

Contact Info

Product

Resources

About