Paper 2018/674

Practical Fault Injection Attacks on SPHINCS

Aymeric Genêt, Matthias J. Kannwischer, Hervé Pelletier, and Andrew McLauchlan

Abstract

The majority of currently deployed cryptographic public-key schemes are at risk of becoming insecure once large scale quantum computers become practical. Therefore, substitutes resistant to quantum attacks, known as post-quantum cryptography, are required. In particular, hash-based signature schemes appear to be the most conservative choice for post-quantum digital signatures. In this work, we mount the first practical fault attack against hash-based cryptography. The attack was originally proposed by Castelnovi, Martinelli, and Prest [9] and allows the creation of a universal signature forgery that applies to all current standardisation candidates (XMSS, LMS, SPHINCS+, and Gravity-SPHINCS). We perform the attack on an Arduino Due board featuring an ARM Cortex-M3 microprocessor running the original stateless scheme SPHINCS with a focus on practicality. We describe how the attack is mountable with a simple voltage glitch injection on the targeted platform, which allowed us to collect enough faulty signatures to create a universal forgery within seconds. As the attack also applies to stateful schemes, we show how caching one-time signatures can entirely prevent the attack for stateful schemes, such as XMSS and LMS. However, we discuss how protecting stateless schemes, like SPHINCS, SPHINCS+, and Gravity-SPHINCS, is more challenging, as this countermeasure does not apply as efficiently as in stateful schemes.
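The countermeasure the abstract mentions for stateful schemes is the point a practitioner is most likely to want spelled out: in a hypertree, each one-time signature (OTS) key on an intermediate layer is supposed to sign exactly one value (the root of the subtree below it), so a signature produced under that key can be cached and replayed rather than recomputed. Without the cache, every signing request recomputes the OTS, and a recomputation that is glitched into signing a different value under the same key is the condition the fault attack relies on. The following is an added illustration, not code from the paper or from any SPHINCS/XMSS implementation: it uses a toy Winternitz-style OTS over 32-bit values (assumed parameters W = 16, SHA-256 chains, a two-digit checksum) and contrasts a naive signer with one that caches per leaf index. The names `OtsSigner`, `CachedOtsSigner` and `count_distinct_signatures` are this example's own.

```python
import hashlib

W = 16            # Winternitz parameter: one hash chain per 4-bit digit
MSG_BYTES = 4     # toy value size (a subtree root in a real hypertree)
N_DIGITS = MSG_BYTES * 2
N_CHK = 2         # checksum max 8*15 = 120 fits in two 4-bit digits
N_CHAINS = N_DIGITS + N_CHK


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def chain(x: bytes, start: int, steps: int) -> bytes:
    # Apply the domain-separated chaining function for indices start..start+steps-1
    for i in range(start, start + steps):
        x = H(b"chain", bytes([i]), x)
    return x


def digits(value: bytes) -> list:
    # Split the value into base-W digits and append the Winternitz checksum
    ds = []
    for b in value:
        ds += [b >> 4, b & 0xF]
    csum = sum((W - 1) - d for d in ds)
    ds += [csum >> 4, csum & 0xF]
    return ds


def wots_keygen(seed: bytes):
    sk = [H(b"sk", seed, bytes([i])) for i in range(N_CHAINS)]
    pk = [chain(s, 0, W - 1) for s in sk]
    return sk, H(b"pk", *pk)


def wots_sign(sk, value: bytes):
    return [chain(sk[i], 0, d) for i, d in enumerate(digits(value))]


def wots_verify(pk_hash: bytes, value: bytes, sig) -> bool:
    pk = [chain(s, d, W - 1 - d) for s, d in zip(sig, digits(value))]
    return H(b"pk", *pk) == pk_hash


class OtsSigner:
    """Naive signer: derives the leaf's OTS key and recomputes the signature
    on every request. If a recomputation is faulted, the same key ends up
    signing two different values, which is what the attack needs."""

    def __init__(self, seed: bytes):
        self.seed = seed

    def key(self, leaf: int):
        return wots_keygen(H(b"leaf", self.seed, leaf.to_bytes(4, "big")))

    def sign(self, leaf: int, value: bytes):
        sk, _ = self.key(leaf)
        return wots_sign(sk, value)


class CachedOtsSigner(OtsSigner):
    """Countermeasure for stateful schemes: each leaf signs at most once;
    every later request for that leaf replays the cached signature instead
    of recomputing it, so a glitched recomputation cannot yield a second
    signature under the same OTS key."""

    def __init__(self, seed: bytes):
        super().__init__(seed)
        self.cache = {}   # leaf index -> (value signed, signature)

    def sign(self, leaf: int, value: bytes):
        if leaf not in self.cache:
            self.cache[leaf] = (value, super().sign(leaf, value))
        return self.cache[leaf][1]


def count_distinct_signatures(signer: OtsSigner, leaf: int, values) -> int:
    """How many distinct signatures one OTS key emits for the given values
    (anything above 1 is the unsafe state)."""
    return len({tuple(signer.sign(leaf, v)) for v in values})


if __name__ == "__main__":
    seed = b"constructed-example-seed"       # constructed sample input
    good = bytes.fromhex("deadbeef")        # the genuine value for leaf 5
    faulted = bytes.fromhex("deadbeee")     # stand-in for a glitched recomputation
    print("naive :", count_distinct_signatures(OtsSigner(seed), 5, [good, faulted]))
    print("cached:", count_distinct_signatures(CachedOtsSigner(seed), 5, [good, faulted]))
```

The cache costs one OTS signature of storage per intermediate leaf that has already been used, which is affordable in XMSS or LMS because the signer already keeps state. In a stateless scheme the leaf chosen for each message is derived from the message itself, so the set of leaves that will ever be used is not known in advance and the same trick does not apply as cheaply, which is the difficulty the abstract points out.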

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
SPHINCS, hash-based signature, voltage glitching, fault attack, digital signature
Contact author(s)
matthias @ kannwischer eu
History
2018-10-15: revised
2018-07-13: received
Short URL
https://ia.cr/2018/674
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/674,
      author = {Aymeric Genêt and Matthias J. Kannwischer and Hervé Pelletier and Andrew McLauchlan},
      title = {Practical Fault Injection Attacks on SPHINCS},
      howpublished = {Cryptology ePrint Archive, Paper 2018/674},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/674}},
      url = {https://eprint.iacr.org/2018/674}
}