Paper 2019/715
On the Security of Lattice-based Fiat-Shamir Signatures in the Presence of Randomness Leakage
Yuejun Liu, Yongbin Zhou, Shuo Sun, Tianyu Wang, Rui Zhang, and Jingdian Ming
Abstract
Leakages during the signing process, including partial key exposure and partial (or complete) randomness exposure, may be devastating for the security of digital signatures. In this work, we investigate the security of lattice-based Fiat-Shamir signatures in the presence of randomness leakage. To this end, we present a generic key recovery attack that relies on minimum leakage of randomness, and then theoretically connect it to a variant of Integer-LWE (ILWE) problem. The ILWE problem, introduced by Bootle et al. at Asiacrypt 2018, is to recover the secret vector given polynomially many samples of the form , and it is solvable if the error is not superpolynomially larger than the inner product . However, in our variant (we call the variant FS-ILWE problem in this paper), is a sparse vector whose coefficients are NOT independent any more, and
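To make the ILWE setting concrete, the following is an added, self-contained example (not code from the paper or its authors) that builds an Integer-LWE instance in which each coefficient vector is a sparse, fixed-weight ternary vector, the shape of a Fiat-Shamir challenge, and recovers the secret with the least squares method, i.e. by solving the normal equations and rounding. It illustrates the generic ILWE-via-least-squares recovery of Bootle et al. on the sparse, non-independent coefficient shape the abstract describes; it is not a reconstruction of the paper's FS-ILWE attack on any actual signature scheme. The dimension, Hamming weight, secret bound, error bound and sample count are constructed for the demo, chosen so that the error term is of the same order as the inner product.

```python
import random

# Added example, not from the paper: least squares recovery for a small
# Integer-LWE instance. Samples are (a_i, b_i) with b_i = <a_i, s> + e_i.
# Every parameter below (n, weight, m, bounds, seed) is constructed for the demo.


def sample_challenge(n, weight, rng):
    """Sparse ternary vector of fixed Hamming weight (assumed challenge shape):
    exactly `weight` coefficients are +-1, the rest 0, so coefficients are
    NOT independent of each other."""
    a = [0] * n
    for idx in rng.sample(range(n), weight):
        a[idx] = rng.choice((-1, 1))
    return a


def gen_ilwe_samples(secret, m, weight, e_bound, rng):
    """m constructed ILWE samples (a_i, b_i = <a_i, s> + e_i),
    with e_i uniform in [-e_bound, e_bound]."""
    n = len(secret)
    samples = []
    for _ in range(m):
        a = sample_challenge(n, weight, rng)
        e = rng.randint(-e_bound, e_bound)
        b = sum(ai * si for ai, si in zip(a, secret)) + e
        samples.append((a, b))
    return samples


def solve_linear(M, v):
    """Solve M x = v for a small square float system by Gauss-Jordan
    elimination with partial pivoting."""
    n = len(v)
    aug = [row[:] + [v[i]] for i, row in enumerate(M)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(aug[r][col]))
        aug[col], aug[piv] = aug[piv], aug[col]
        p = aug[col][col]
        if abs(p) < 1e-12:
            raise ValueError("singular Gram matrix: need more samples")
        for r in range(n):
            if r == col:
                continue
            f = aug[r][col] / p
            if f:
                for c in range(col, n + 1):
                    aug[r][c] -= f * aug[col][c]
    return [aug[i][n] / aug[i][i] for i in range(n)]


def least_squares_estimate(samples):
    """Real-valued estimate s_hat = (A^T A)^{-1} A^T b, accumulating the Gram
    matrix A^T A and A^T b sample by sample (only nonzero coefficients touched)."""
    n = len(samples[0][0])
    gram = [[0.0] * n for _ in range(n)]
    rhs = [0.0] * n
    for a, b in samples:
        nz = [i for i, ai in enumerate(a) if ai]
        for i in nz:
            rhs[i] += a[i] * b
            for j in nz:
                gram[i][j] += a[i] * a[j]
    return solve_linear(gram, rhs)


def recover_secret(samples):
    """Round the least squares estimate coordinate-wise to the integer secret."""
    return [int(round(x)) for x in least_squares_estimate(samples)]


def demo(n=16, weight=6, m=8000, s_bound=2, e_bound=8, seed=1):
    """Plant a secret in [-s_bound, s_bound]^n, generate m samples and recover it.
    Returns (planted secret, recovered secret)."""
    rng = random.Random(seed)
    secret = [rng.randint(-s_bound, s_bound) for _ in range(n)]
    samples = gen_ilwe_samples(secret, m, weight, e_bound, rng)
    return secret, recover_secret(samples)


if __name__ == "__main__":
    planted, recovered = demo()
    print("planted  :", planted)
    print("recovered:", recovered)
    print("success  :", planted == recovered)
```

With these parameters the inner product is bounded by weight times s_bound, so the error (up to 8 in magnitude) is comparable to the signal rather than negligible; the per-coordinate estimate error shrinks roughly like sigma_e / sqrt(m * weight / n), which is why a few thousand samples suffice for rounding to succeed. Shrinking m or growing e_bound in `demo` shows the regime where rounding starts to fail.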
Metadata
- Available format(s)
- PDF
- Category
- Implementation
- Publication info
- Preprint. MINOR revision.
- Keywords
- Randomness leakage attacks, Fiat-Shamir signature, Dilithium, qTESLA, ILWE, the least squares method
- Contact author(s)
- liuyuejun @ iie ac cn
- History
- 2020-09-12: revised
- 2019-06-18: received
- See all versions
- Short URL
- https://ia.cr/2019/715
- License
- CC BY
BibTeX
@misc{cryptoeprint:2019/715,
  author = {Yuejun Liu and Yongbin Zhou and Shuo Sun and Tianyu Wang and Rui Zhang and Jingdian Ming},
  title = {On the Security of Lattice-based Fiat-Shamir Signatures in the Presence of Randomness Leakage},
  howpublished = {Cryptology {ePrint} Archive, Paper 2019/715},
  year = {2019},
  url = {https://eprint.iacr.org/2019/715}
}