
Fault Sensitivity Analysis of Lattice-Based Post-Quantum Cryptographic Components

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 11733)

Abstract

Post-Quantum Cryptography (PQC) is currently receiving significant interest, as the construction of a practical quantum computer capable of executing Shor’s algorithm is expected in the near-to-medium future. Lattice-based PQC algorithms are among the most promising candidates discussed today, due to their performance and versatility. In this paper, we demonstrate fault sensitivity analysis (FSA) of circuit blocks used in lattice-based cryptographic implementations and a representative complete post-quantum algorithm. FSA correlates the sensitivity of the algorithm’s circuit implementation to faults with the processed data and recovers parts of the used secret key. In contrast to other types of fault attacks, FSA makes limited assumptions about the precision of fault injections and is therefore accessible even to poorly-equipped adversaries. We investigate traditional FSA based on simple models as well as its more advanced variants using templates with different construction procedures and aggregation functions, and systematically explore the conditions under which the analysis is successful. To the best of our knowledge, this is the most complex cryptographic implementation so far broken by FSA, and the first such PQC implementation.


Notes

  1. Despite not being included in the second round of the NIST standardization process, we selected LOTUS as the example of a complete algorithm because it uses (although with different parameters) all the basic blocks (vector/matrix operations, a threshold as the decoding function, hash functions and the Fujisaki-Okamoto transform) that form the foundation of several lattice-based schemes; it is therefore representative of several submissions still in the competition.

  2. We also used the Zero-model and a model in which sensitivity depends on the magnitude of the key, but we did not obtain successful results with them.


Acknowledgments

This work has been partly funded by the European Union Horizon 2020 research and innovation programme under the SAFEcrypto project (grant agreement No 644729) and by the Swiss National Science Foundation (project No P1TIP2_181305).


Corresponding author

Correspondence to Felipe Valencia.


Copyright information

© 2019 Springer Nature Switzerland AG


Cite this paper

Valencia, F., Polian, I., Regazzoni, F. (2019). Fault Sensitivity Analysis of Lattice-Based Post-Quantum Cryptographic Components. In: Pnevmatikatos, D., Pelcat, M., Jung, M. (eds) Embedded Computer Systems: Architectures, Modeling, and Simulation. SAMOS 2019. Lecture Notes in Computer Science(), vol 11733. Springer, Cham. https://doi.org/10.1007/978-3-030-27562-4_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-27562-4_8


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-27561-7

  • Online ISBN: 978-3-030-27562-4

  • eBook Packages: Computer Science (R0)
