Paper 2017/951
Bounding the cache-side-channel leakage of lattice-based signature schemes using program semantics
Nina Bindel, Johannes Buchmann, Juliane Krämer, Heiko Mantel, Johannes Schickel, and Alexandra Weber
Abstract
In contrast to classical signature schemes, such as RSA or ECDSA signatures, the lattice-based signature scheme ring-TESLA is expected to be resistant even against quantum adversaries. Due to a recent key recovery from a lattice-based implementation, it becomes clear that cache side channels are a serious threat for lattice-based implementations. In this article, we analyze an existing implementation of ring-TESLA against cache side channels. To reduce the effort for manual code inspection, we selectively employ automated program analysis. The leakage bounds we compute with program analysis are sound overapproximations of cache-side-channel leakage. We detect four cache-side-channel vulnerabilities in the implementation of ring-TESLA. Since two vulnerabilities occur in implementations of techniques common to lattice-based schemes, they are also interesting beyond ring-TESLA. Finally, we show how the detected vulnerabilities can be mitigated effectively.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. Minor revision. To appear in Foundations and Practice of Security - 10th International Symposium, FPS 2017
- Keywords
- cache side channelslattice-based signature schemesprogram analysis
- Contact author(s)
- nbindel @ cdc informatik tu-darmstadt de
- History
- 2017-09-27: received
- Short URL
- https://ia.cr/2017/951
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2017/951,
author = {Nina Bindel and Johannes Buchmann and Juliane Krämer and Heiko Mantel and Johannes Schickel and Alexandra Weber},
title = {Bounding the cache-side-channel leakage of lattice-based signature schemes using program semantics},
howpublished = {Cryptology {ePrint} Archive, Paper 2017/951},
year = {2017},
url = {https://eprint.iacr.org/2017/951}
}
