Cryptology ePrint Archive: Report 2017/951

Bounding the cache-side-channel leakage of lattice-based signature schemes using program semantics

Nina Bindel and Johannes Buchmann and Juliane Krämer and Heiko Mantel and Johannes Schickel and Alexandra Weber

Abstract: In contrast to classical signature schemes, such as RSA or ECDSA signatures, the lattice-based signature scheme ring-TESLA is expected to be resistant even against quantum adversaries. Due to a recent key recovery from a lattice-based implementation, it becomes clear that cache side channels are a serious threat for lattice-based implementations. In this article, we analyze an existing implementation of ring-TESLA against cache side channels. To reduce the effort for manual code inspection, we selectively employ automated program analysis. The leakage bounds we compute with program analysis are sound overapproximations of cache-side-channel leakage. We detect four cache-side-channel vulnerabilities in the implementation of ring-TESLA. Since two vulnerabilities occur in implementations of techniques common to lattice-based schemes, they are also interesting beyond ring-TESLA. Finally, we show how the detected vulnerabilities can be mitigated effectively.

Category / Keywords: public-key cryptography / cache side channels, lattice-based signature schemes, program analysis

Original Publication (with minor differences): To appear in Foundations and Practice of Security - 10th International Symposium, FPS 2017

Date: received 27 Sep 2017

Contact author: nbindel at cdc informatik tu-darmstadt de

Available format(s): PDF | BibTeX Citation

Version: 20170927:163451 (All versions of this report)

Short URL: ia.cr/2017/951

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]