Paper 2018/673

Differential Power Analysis of XMSS and SPHINCS

Matthias J. Kannwischer, Aymeric Genêt, Denis Butin, Juliane Krämer, and Johannes Buchmann

Abstract

Quantum computing threatens conventional public-key cryptography. In response, standards bodies such as NIST increasingly focus on post-quantum cryptography. In particular, hash-based signature schemes are notable candidates for deployment. No rigorous side-channel analysis of hash-based signature schemes has been conducted so far. This work bridges this gap. We analyse the stateful hash-based signature schemes XMSS and XMSS^MT, which are currently undergoing standardisation at IETF, as well as SPHINCS — the only practical stateless hash-based scheme. While timing and simple power analysis attacks are unpromising, we show that the differential power analysis resistance of XMSS can be reduced to the differential power analysis resistance of the underlying pseudorandom number generator. This first systematic analysis helps to further increase confidence in XMSS, supporting current standardisation efforts. Furthermore, we show that at least a 32-bit chunk of the SPHINCS secret key can be recovered using a differential power analysis attack, due to its stateless construction. We present novel differential power analyses on a SHA-2-based pseudorandom number generator for XMSS and a BLAKE-256-based pseudorandom function for SPHINCS-256 in the Hamming weight model. The first attack does not threaten current versions of XMSS, unless a customised pseudorandom number generator is used. The second one compromises the security of a hardware implementation of SPHINCS-256. Our analysis is supported by a power simulator implementation of SHA-2 for XMSS and a hardware implementation of BLAKE for SPHINCS. We also provide recommendations for XMSS implementers.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. COSADE 2018
Keywords
Post-quantum cryptography, Hash-based signatures, DPA
Contact author(s)
matthias @ kannwischer eu
History
2018-07-13: received
Short URL
https://ia.cr/2018/673
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/673,
      author = {Matthias J. Kannwischer and Aymeric Genêt and Denis Butin and Juliane Krämer and Johannes Buchmann},
      title = {Differential Power Analysis of {XMSS} and {SPHINCS}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/673},
      year = {2018},
      url = {https://eprint.iacr.org/2018/673}
}