FALCON signature vulnerability to special attacks and its protection
DOI: https://doi.org/10.30837/rt.2022.3.210.03
Keywords: post-quantum cryptography, electronic signature algorithm, Falcon algorithm, NIST
Abstract
It is well known that quantum algorithms offer exponential speedup in solving the integer factorization and discrete logarithm problems that existing public-key systems rely on. Thus, post-quantum cryptography seeks alternative classical algorithms that can withstand quantum cryptanalysis. Growing concern about the quantum threat has prompted the National Institute of Standards and Technology (NIST) to invite and evaluate applications for a post-quantum cryptography standard, an ongoing process scheduled to be completed by 2023.
Falcon is an electronic signature algorithm based on the mathematics of algebraic lattices. Its disadvantage is that its resistance to special attacks, and to side-channel attacks in particular, has so far been studied relatively little.
This paper examines existing attacks on the implementation and analyzes the performance cost of applying countermeasures that would prevent such attacks. Although the Falcon sampler, as well as certain mathematical transformations, remain vulnerable to attacks (which in turn allow the private key to be recovered), the efficiency of the components and the mathematics of this signature algorithm make it competitive with other schemes, even with countermeasures against these attacks in place.
The work also considers a side-channel attack on Falcon. This attack is a known-plaintext attack that uses the device's electromagnetic emanations to recover the secret signing key, which can then be used to forge signatures on arbitrary messages. The results obtained show that Falcon is quite vulnerable to side-channel attacks and that the proposed implementation does not yet protect against them. Consequently, standardization and implementation should take into account the possibility of physical attacks, as well as options for countering them.