Paper 2019/769

Exploiting Determinism in Lattice-based Signatures - Practical Fault Attacks on pqm4 Implementations of NIST candidates

Prasanna Ravi, Mahabir Prasad Jhanwar, James Howe, Anupam Chattopadhyay, and Shivam Bhasin

Abstract

In this paper, we analyze the implementation level fault vulnerabilities of deterministic lattice-based signature schemes. In particular, we extend the practicality of skip-addition fault attacks through exploitation of determinism in certain variants of Dilithium (Deterministic variant) and qTESLA signature scheme (originally submitted deterministic version), which are two leading candidates for the NIST standardization of post-quantum cryptography. We show that single targeted faults injected in the signing procedure allow to recover an important portion of the secret key. Though faults injected in the signing procedure do not recover all the secret key elements, we propose a novel forgery algorithm that allows the attacker to sign any given message with only the extracted portion of the secret key. We perform experimental validation of our attack using Electromagnetic fault injection on reference implementations taken from the pqm4 library, a benchmarking and testing framework for post quantum cryptographic implementations for the ARM Cortex-M4 microcontroller. We also show that our attacks break two well known countermeasures known to protect against skip-addition fault attacks. We further propose an efficient mitigation strategy against our attack that exponentially increases the attacker's complexity at almost zero increase in computational complexity.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision. AsiaCCS-2019
Keywords
Deterministic Lattice Signaturespqm4Fault AttackLattice-based CryptographyDilithiumqTESLA
Contact author(s)
PRASANNA RAVI @ ntu edu sg
History
2019-07-02: received
Short URL
https://ia.cr/2019/769
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/769,
      author = {Prasanna Ravi and Mahabir Prasad Jhanwar and James Howe and Anupam Chattopadhyay and Shivam Bhasin},
      title = {Exploiting Determinism in Lattice-based Signatures - Practical Fault Attacks on pqm4 Implementations of {NIST} candidates},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/769},
      year = {2019},
      url = {https://eprint.iacr.org/2019/769}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.