Paper 2018/211
Number "Not" Used Once - Key Recovery Fault Attacks on LWE Based Lattice Cryptographic Schemes
Prasanna Ravi and Shivam Bhasin and Anupam Chattopadhyay
Abstract
This paper proposes a simple single-bit-flip fault attack applicable to several LWE (Learning With Errors) based lattice schemes such as KYBER, NEWHOPE, DILITHIUM and FRODO, which were submitted as proposals to the NIST call for standardisation of post-quantum cryptography. We have identified a vulnerability in the usage of the nonce during generation of the secret and error components in the key generation procedure. Our fault attack, based on a practical bit-flip model (a single bit flip, or very few bit flips for the proposed parameter instantiations), enables us to retrieve the secret key from the public key in a trivial manner. We fault the nonce so that the same nonce is used to generate both the secret and error components, which turns the LWE instance into an exactly determined set of linear equations from which the secret can be trivially solved using Gaussian elimination.
Note: We capitalized the title of the paper and hence were asked to revise it. We have revised accordingly.
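To make the linear-algebra point of the abstract concrete, the following is an added toy example; it is not code from the paper or from any of the schemes it names. It builds a miniature LWE key generation in which the secret s and error e are both derived from a (seed, nonce) pair, then shows that when the two nonces coincide the public key satisfies b = (A + I)·s mod q, so ordinary Gaussian elimination over Z_q returns s. The dimension N = 8, the XOF-based `expand_matrix` and `sample_small` functions, the seed value and the `keygen_checked` consistency check are all assumptions made for illustration (the check is not a countermeasure proposed by the paper); q = 3329 is Kyber's modulus.

```python
import hashlib

Q = 3329  # Kyber's modulus (real parameter); N is a toy dimension for illustration
N = 8


def expand_matrix(seed: bytes) -> list[list[int]]:
    """Toy 'expand': derive the public N x N matrix A from the seed via SHAKE-256 (assumption)."""
    raw = hashlib.shake_256(b"A" + seed).digest(2 * N * N)
    vals = [int.from_bytes(raw[i:i + 2], "little") % Q for i in range(0, len(raw), 2)]
    return [vals[r * N:(r + 1) * N] for r in range(N)]


def sample_small(seed: bytes, nonce: int) -> list[int]:
    """Toy small-coefficient sampler (assumption): coefficients in {-2..2} from (seed, nonce).
    Like the PRF-based samplers the abstract refers to, equal (seed, nonce) pairs give equal vectors."""
    raw = hashlib.shake_256(b"small" + seed + bytes([nonce])).digest(N)
    return [(byte % 5) - 2 for byte in raw]


def keygen(seed: bytes, nonce_s: int, nonce_e: int):
    """LWE key generation: pk = (A, b = A*s + e mod Q), sk = s."""
    A = expand_matrix(seed)
    s = sample_small(seed, nonce_s)
    e = sample_small(seed, nonce_e)
    b = [(sum(A[i][j] * s[j] for j in range(N)) + e[i]) % Q for i in range(N)]
    return (A, b), s


def solve_mod_q(M: list[list[int]], rhs: list[int], q: int = Q):
    """Gauss-Jordan elimination over Z_q (q prime). Returns x with M*x = rhs mod q, or None if M is singular."""
    n = len(M)
    aug = [row[:] + [rhs[i]] for i, row in enumerate(M)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col] % q), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = pow(aug[col][col], -1, q)
        aug[col] = [(v * inv) % q for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(a - f * p) % q for a, p in zip(aug[r], aug[col])]
    return [row[n] for row in aug]


def centered(v: list[int]) -> list[int]:
    """Map residues in [0, Q) back to the centered range (-Q/2, Q/2]."""
    return [x - Q if x > Q // 2 else x for x in v]


def recover_if_nonce_reused(A: list[list[int]], b: list[int]):
    """If s == e then b = A*s + s = (A + I)*s, so solving (A + I)*x = b mod Q yields s.
    With distinct s and e the same solve returns s + (A+I)^-1 (e - s), which is not s."""
    M = [[(A[i][j] + (1 if i == j else 0)) % Q for j in range(N)] for i in range(N)]
    x = solve_mod_q(M, b)
    return None if x is None else centered(x)


def keygen_checked(seed: bytes, nonce_s: int, nonce_e: int):
    """Illustrative consistency check (assumption, not from the paper): refuse to output a key
    whose secret and error vectors are identical, which is exactly the faulted condition."""
    (A, b), s = keygen(seed, nonce_s, nonce_e)
    e = sample_small(seed, nonce_e)
    if s == e:
        return None
    return (A, b), s


if __name__ == "__main__":
    SEED = b"constructed-seed-for-illustration"  # constructed sample value
    (A, b), s = keygen(SEED, 7, 8)       # distinct nonces: normal key
    print("distinct nonces, recovered == s:", recover_if_nonce_reused(A, b) == s)
    (A, b), s = keygen(SEED, 7, 7)       # same nonce for s and e: the faulted condition
    print("reused nonce,    recovered == s:", recover_if_nonce_reused(A, b) == s)
```

The check in `keygen_checked` compares the sampled vectors rather than the nonce values, since the fault described in the abstract hits the nonce before sampling; any such check placed in a real implementation would itself need to be resistant to being skipped by a second fault.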
Metadata
- Publication info
- Preprint.
- Keywords
- Lattice based cryptography, Digital Signatures, post quantum cryptography
- Contact author(s)
- PRASANNA RAVI @ ntu edu sg
- History
- 2019-03-13: last of 3 revisions
- 2018-02-26: received
- Short URL
- https://ia.cr/2018/211
- License
- CC BY