Paper 2024/1422

ZKFault: Fault attack analysis on zero-knowledge based post-quantum digital signature schemes

Puja Mondal, Indian Institute of Technology Kanpur
Supriya Adhikary, Indian Institute of Technology Kanpur
Suparna Kundu, KU Leuven
Angshuman Karmakar, Indian Institute of Technology Kanpur
Abstract

Computationally hard problems based on coding theory, such as the syndrome decoding problem, have been used for constructing secure cryptographic schemes for a long time. Schemes based on these problems are also assumed to be secure against quantum computers. However, these schemes are often considered impractical for real-world deployment due to large key sizes and inefficient computation time. In the recent call for standardization of additional post-quantum digital signatures by the National Institute of Standards and Technology, several code-based candidates have been proposed, including LESS, CROSS, and MEDS. These schemes are designed on the relatively new zero-knowledge framework. Although several works analyze the hardness of these schemes, there is hardly any work that examines the security of these schemes in the presence of physical attacks. In this work, we analyze these signature schemes from the perspective of fault attacks. All these schemes use a similar tree-based construction to compress the signature size. We attack this component of these schemes. Therefore, our attack is applicable to all of these schemes. In this work, we first analyze the LESS signature scheme and devise our attack. Furthermore, we showed how this attack can be extended to the CROSS signature scheme. Our attacks are built on very simple fault assumptions. Our results show that we can recover the entire secret key of LESS and CROSS using as little as a single fault. Finally, we propose various countermeasures to prevent these kinds of attacks and discuss their efficiency and shortcomings.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published by the IACR in ASIACRYPT 2024
Keywords
Post-quantum cryptographyPost-quantum signatureCode-based cryptographyFault attacksLESSCROSS
Contact author(s)
pujamondal @ cse iitk ac in
adhikarys @ cse iitk ac in
suparna kundu @ esat kuleuven be
angshuman @ cse iitk ac in
History
2024-11-27: revised
2024-09-11: received
See all versions
Short URL
https://ia.cr/2024/1422
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1422,
      author = {Puja Mondal and Supriya Adhikary and Suparna Kundu and Angshuman Karmakar},
      title = {{ZKFault}: Fault attack analysis on zero-knowledge based post-quantum digital signature schemes},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1422},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1422}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.