CryptoDB
Differential Fault Attacks on Deterministic Lattice Signatures
| Authors: |
|
|---|---|
| Download: | |
| Abstract: | In this paper, we extend the applicability of differential fault attacks to lattice-based cryptography. We show how two deterministic lattice-based signature schemes, Dilithium and qTESLA, are vulnerable to such attacks. In particular, we demonstrate that single random faults can result in a nonce-reuse scenario which allows key recovery. We also expand this to fault-induced partial nonce-reuse attacks, which do not corrupt the validity of the computed signatures and thus are harder to detect.Using linear algebra and lattice-basis reduction techniques, an attacker can extract one of the secret key elements after a successful fault injection. Some other parts of the key cannot be recovered, but we show that a tweaked signature algorithm can still successfully sign any message. We provide experimental verification of our attacks by performing clock glitching on an ARM Cortex-M4 microcontroller. In particular, we show that up to 65.2% of the execution time of Dilithium is vulnerable to an unprofiled attack, where a random fault is injected anywhere during the signing procedure and still leads to a successful key-recovery. |
BibTeX
@article{tches-2018-29064,
title={Differential Fault Attacks on Deterministic Lattice Signatures},
journal={IACR Trans. Cryptogr. Hardw. Embed. Syst.},
publisher={Ruhr-Universität Bochum},
volume={2018, Issue 3},
pages={21-43},
url={https://tches.iacr.org/index.php/TCHES/article/view/7267},
doi={10.13154/tches.v2018.i3.21-43},
author={Leon Groot Bruinderink and Peter Pessl},
year=2018
}