Paper 2017/951

Bounding the cache-side-channel leakage of lattice-based signature schemes using program semantics

Nina Bindel, Johannes Buchmann, Juliane Krämer, Heiko Mantel, Johannes Schickel, and Alexandra Weber


In contrast to classical signature schemes, such as RSA or ECDSA signatures, the lattice-based signature scheme ring-TESLA is expected to be resistant even against quantum adversaries. Due to a recent key recovery from a lattice-based implementation, it becomes clear that cache side channels are a serious threat for lattice-based implementations. In this article, we analyze an existing implementation of ring-TESLA against cache side channels. To reduce the effort for manual code inspection, we selectively employ automated program analysis. The leakage bounds we compute with program analysis are sound overapproximations of cache-side-channel leakage. We detect four cache-side-channel vulnerabilities in the implementation of ring-TESLA. Since two vulnerabilities occur in implementations of techniques common to lattice-based schemes, they are also interesting beyond ring-TESLA. Finally, we show how the detected vulnerabilities can be mitigated effectively.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. MINOR revision.To appear in Foundations and Practice of Security - 10th International Symposium, FPS 2017
cache side channelslattice-based signature schemesprogram analysis
Contact author(s)
nbindel @ cdc informatik tu-darmstadt de
2017-09-27: received
Short URL
Creative Commons Attribution


      author = {Nina Bindel and Johannes Buchmann and Juliane Krämer and Heiko Mantel and Johannes Schickel and Alexandra Weber},
      title = {Bounding the cache-side-channel leakage of lattice-based signature schemes using program semantics},
      howpublished = {Cryptology ePrint Archive, Paper 2017/951},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.