You are looking at a specific version 20180226:194754 of this paper.

Paper 2018/211

Number "Not" Used Once - Key Recovery Fault Attacks on LWE Based Lattice Cryptographic Schemes

Prasanna Ravi and Shivam Bhasin and Anupam Chattopadhyay

Abstract

This paper proposes a simple single-bit-flip fault attack applicable to several LWE (Learning With Errors) based lattice-based schemes such as KYBER, NEWHOPE, DILITHIUM and FRODO, which were submitted as proposals to the NIST call for standardisation of post-quantum cryptography. We have identified a vulnerability in the usage of the nonce during generation of the secret and error components in the key generation procedure. Our fault attack, based on a practical bit-flip model (a single bit flip to very few bit flips for the proposed parameter instantiations), enables us to retrieve the secret key from the public key in a trivial manner. We fault the nonce so that the same nonce is maliciously used to generate both the secret and error components, which turns the LWE instance into an exactly determined set of linear equations from which the secret can be trivially solved for using Gaussian elimination.
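As an added illustration (not code from the paper), the toy Python below models an LWE key generation in which the secret and error vectors are expanded from a seed and a nonce. When a fault makes both draws use the same nonce, e = s, so b = A·s + e = (A + I)·s and the public key alone yields s by Gaussian elimination mod q. The modulus, dimension, noise bound, PRF and all function names are constructed for this example and do not correspond to any specific scheme's parameters.

```python
import hashlib
import random

Q = 3329  # constructed toy modulus (prime)
N = 8     # constructed toy dimension; real schemes use hundreds of coefficients
ETA = 2   # constructed noise bound: coefficients lie in [-ETA, ETA]

def sample_small(seed: bytes, nonce: int) -> list:
    """Expand (seed, nonce) into a small-coefficient vector (hypothetical PRF)."""
    stream = hashlib.shake_256(seed + bytes([nonce])).digest(N)
    return [(byte % (2 * ETA + 1)) - ETA for byte in stream]

def keygen(seed: bytes, rng: random.Random, faulted: bool = False):
    """Return public key (A, b = A*s + e mod Q) and secret s.
    Honest keygen uses nonce 0 for s and nonce 1 for e; `faulted=True` models a
    bit flip that resets the error nonce to 0, so s and e are the same vector."""
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(N)]
    s = sample_small(seed, 0)
    e = sample_small(seed, 0 if faulted else 1)
    b = [(sum(A[i][j] * s[j] for j in range(N)) + e[i]) % Q for i in range(N)]
    return (A, b), s

def solve_mod_q(M: list, v: list):
    """Gaussian elimination over Z_Q for M*x = v; None if M is singular mod Q."""
    M = [row[:] + [v[i]] for i, row in enumerate(M)]
    for col in range(N):
        piv = next((r for r in range(col, N) if M[r][col] % Q), None)
        if piv is None:
            return None
        M[col], M[piv] = M[piv], M[col]
        inv = pow(M[col][col], -1, Q)
        M[col] = [x * inv % Q for x in M[col]]
        for r in range(N):
            if r != col and M[r][col]:
                f = M[r][col]
                M[r] = [(x - f * y) % Q for x, y in zip(M[r], M[col])]
    return [row[N] for row in M]

def recover_secret(pk):
    """If e == s then b = (A + I)*s: solve the exactly determined linear system."""
    A, b = pk
    AI = [[(A[i][j] + (i == j)) % Q for j in range(N)] for i in range(N)]
    x = solve_mod_q(AI, b)
    if x is None:
        return None
    # map residues back to centred representatives in [-Q/2, Q/2)
    return [c - Q if c > Q // 2 else c for c in x]
```

With an honest key pair the same solve returns a vector unrelated to s, which is why distinct nonces for s and e (and a check that they differ) matter.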

Note: The title of the paper was capitalized and we were hence asked to revise it. We have revised accordingly.

Metadata
Available format(s)
PDF
Publication info
Preprint.
Keywords
Lattice based cryptography, Digital Signatures, post quantum cryptography
Contact author(s)
PRASANNA RAVI @ ntu edu sg
History
2019-03-13: last of 3 revisions
2018-02-26: received
Short URL
https://ia.cr/2018/211
License
Creative Commons Attribution
CC BY