Analysis of Dilithium post-quantum electronic signature resistance to fault attacks
DOI:
https://doi.org/10.30837/rt.2020.3.202.04Keywords:
electronic signature, post-quantum cryptography, security, differential fault attack, countermeasures.Abstract
Analysis of a perspective variant of post-quantum electronic signature based on algebraic lattices of Dilithium is carried out. The central task of the analysis is to study the resistance of Dilithium to fault attacks, in particular differential ones. First, information is given about the ES scheme itself and its security, fault attacks, their development to differential fault attacks. Possibilities of carrying out these attacks and criteria of their successful execution are considered. The places of the ES algorithm that need protection against fault attacks were identified, such as hash function (the moment of access to it and operation of polynomials multiplying), the stage of loading the private key, the function of expanding seed. Also, nonce reuse and partial nonce reuse when generating keys poses a significant threat, and by carrying out such an attack, the attacker can fully recover the long-term Dilithium private key. Attacks countermeasures are formed based on the sources analysis, their advantages and negative effects are presented. Methods of protection against such attacks are: re-calculation of the signature; verification of signature after signing, which is three times faster than the previous method; introducing additional randomness to the deterministic noise sampling; checking the value of secret and false components (nonce); calculating the average value and variance of the sample, and checking them for belonging to a given range. The results of this work provide researchers with a guide for the development of secure post-quantum electronic signature schemes.References
CRYSTALS-Dilithium. Algorithm Specifications and Supporting Documentation. Access mode https://pq-crystals.org/dilithium/data/dilithium-specification-round2.pdf
Відео-конференція NIST. Режим доступу: https://icmconference.org/?page_id=14324
Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. On the Importance of CheckingCryptographic Protocols for Faults (Extended Abstract). InEUROCRYPT, Lecture Notesin Computer Science, pages 37–51. Springer, 1997.
Eli Biham and Adi Shamir. Differential Fault Analysis of Secret Key Cryptosystems. InCRYPTO, Lecture Notes in Computer Science, pages 513–525. Springer, 1997.
H. Bar-El, H. Choukri, D. Naccache, M. Tunstall, and C. Whelan. The sorcerer’s apprentice guide to fault attacks // Proceedings of the IEEE, vol. 94, no. 2, pp. 370–382, 2006.
Y. Kim, R. Daly, J. Kim, C. Fallin, J. H. Lee, D. Lee, C. Wilkerson, K. Lai, and O. Mutlu. Flipping bits in memorywithout accessing them: An experimental study of dram disturbance errors // SIGARCH Comput. Archit. News, vol. 42,no. 3, pp. 361–372, Jun. 2014. Access mode: http://doi.acm.org/10.1145/2678373.2665726
Leon Groot Bruinderink and Peter Pessl. Differential Fault Attacks on Deterministic Lattice Signatures // Access mode: https://eprint.iacr.org/2018/355.pdf
Vadim Lyubashevsky, Chris Peikert and Oded Regev. A Toolkit for Ring-LWE Cryptography. // EUROCRYPT, volume 7881 ofLecture Notes inComputer Science, pages 35–54. Springer, 2013.
Prasanna Ravi1, Debapriya Basu Roy, Shivam Bhasin, Anupam Chattopadhyay, and Debdeep Mukhopadhyay. Number "Not Used" Once – Practical fault attack on pqm4 implementations of NIST candidates. Access mode: https://eprint.iacr.org/2018/211.pdf
Christopher Ambrose, Joppe W. Bos, Björn Fay, Marc Joye, Manfred Lochter, and Bruce Murray. Differential Attacks on Deterministic Signatures // CT-RSA, volume 10808 of LNCS, pages 339–353. Springer, 2018.
Vadim Lyubashevsky, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Peter Schwabe, Gregor Seiler and Damien Stehlé // CRYSTALS-Dilithium. Submission to the NIST Post-Quantum Cryptography Standardization [NIS], 2017. Access mode: https://pq-crystals.org/dilithium.
Hermann Seuschek, Johann Heyszl, and Fabrizio De Santis. A Cautionary Note: Side-Channel Leakage Implications of Deterministic Signature Schemes // CS2@HiPEAC, pages 7–12. ACM, 2016.
Niels Samwel, Lejla Batina, Guido Bertoni, Joan Daemen, and Ruggero Susella. Breaking Ed25519 in WolfSSL // CT-RSA, volume 10808 of Lecture Notes in Computer Science, pages 1–20. Springer, 2018.
James Howe, Ayesha Khalidy, Marco Martinoli, Francesco Regazzoniz and Elisabeth Oswald. Fault Attack Countermeasures for Error Samplers // Lattice-Based Cryptography. Access mode: https://eprint.iacr.org/2019/206.pdf
Downloads
How to Cite
Issue
Section
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).