An Analysis of the Learning Parity with Noise Assumption Against Fault Attacks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10146)

Abstract

We provide a first security evaluation of LPN-based implementations against fault attacks. Our main result is to show that such implementations inherently have good features to resist these attacks. First, some prominent fault models (e.g. where an adversary flips bits in an implementation) are ineffective against LPN. Second, attacks taking advantage of more advanced fault models (e.g. where an adversary sets bits in an implementation) require significantly more samples than against standard symmetric cryptographic primitives such as block ciphers. Furthermore, the sampling complexity of these attacks strongly suffers from inaccurate fault insertion. Combined with the previous observation that the inner products computed in LPN implementations have an interesting algebraic structure for side-channel resistance via masking, these results therefore suggest LPN-based primitives as interesting candidates for physically secure implementations.
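The following Python sketch is an added illustration and is not the paper's own analysis or code: it shows the linearity argument behind the first claim (a key bit-flip fault only yields another ordinary LPN sample) and a Hoeffding-style estimate of the sample cost behind the second and third (a stuck-at-0 fault on a key bit leaks that bit, at a cost that grows with the noise rate and, quadratically, with fault inaccuracy). Everything it fixes is an assumption of the example rather than a parameter from the paper: a toy instance with a 32-bit key and noise rate τ = 1/8, faults applied to the key bits held by the device, and inaccurate insertion modelled as the fault landing only with probability q.

```python
"""
Added illustration (not the paper's analysis or code) of the two fault
models named in the abstract, on a toy LPN instance.  Assumptions of this
example: key length n = 32, noise rate tau = 1/8, faults hit the secret key
inside the device, and "inaccurate" insertion means the fault lands only
with probability q.
"""
import math
import random

TAU = 1 / 8  # assumed toy LPN noise rate


def seeded(seed):
    """Deterministic RNG so runs (and tests) are reproducible."""
    return random.Random(seed)


def inner(x, k):
    """Inner product over GF(2) of two equal-length 0/1 lists."""
    return sum(a & b for a, b in zip(x, k)) & 1


def lpn_sample(x, k, rng, tau=TAU):
    """One LPN sample <x,k> xor e with e ~ Bernoulli(tau)."""
    return inner(x, k) ^ (1 if rng.random() < tau else 0)


def rand_vec(n, rng):
    return [rng.getrandbits(1) for _ in range(n)]


def flip_fault_bias(k, bit, n_samples, rng):
    """
    Bit-FLIP fault: the device computes with k' = k xor e_bit.  By linearity
    <x,k'> = <x,k> xor x[bit], so a faulty/correct pair on the same x gives
        faulty xor correct xor x[bit] = e xor e'
    which depends only on the two noise bits.  Returns the observed frequency
    of that value being 1; it is ~2*tau*(1-tau) for EVERY key, i.e. the fault
    gives the adversary nothing beyond an ordinary LPN sample.
    """
    k_fault = k[:]
    k_fault[bit] ^= 1
    ones = 0
    for _ in range(n_samples):
        x = rand_vec(len(k), rng)
        ones += lpn_sample(x, k, rng) ^ lpn_sample(x, k_fault, rng) ^ x[bit]
    return ones / n_samples


def set_fault_recover(k, n_samples, q, rng, tau=TAU):
    """
    Bit-SET (stuck-at-0) fault on each key bit i in turn, landing with
    probability q (assumed inaccuracy model).  For samples with x[i] == 1:
        faulty xor correct = k[i] xor (e xor e')   if the fault landed,
                           = e xor e'              otherwise,
    with P[e xor e' = 1] = eps = 2*tau*(1-tau).  Each bit is decided by
    comparing the observed frequency of 1s with the midpoint between the
    expectations under k[i] = 0 and k[i] = 1.  Returns the recovered key.
    """
    n = len(k)
    eps = 2 * tau * (1 - tau)
    p_one = q * (1 - eps) + (1 - q) * eps   # E[diff] if k[i] == 1
    p_zero = eps                            # E[diff] if k[i] == 0
    threshold = (p_one + p_zero) / 2
    recovered = []
    for i in range(n):
        ones = used = 0
        for _ in range(n_samples):
            x = rand_vec(n, rng)
            if x[i] == 0:
                continue                    # x[i] = 0: the fault cannot show
            k_fault = k[:]
            if rng.random() < q:
                k_fault[i] = 0              # fault landed
            ones += lpn_sample(x, k, rng) ^ lpn_sample(x, k_fault, rng)
            used += 1
        frac = ones / used if used else 0.0
        recovered.append(1 if frac > threshold else 0)
    return recovered


def samples_per_bit(q, err, tau=TAU):
    """
    Hoeffding bound on the number of useful (x[i] == 1) samples per key bit
    for a per-bit error <= err.  The separation between the two hypotheses
    is q*(1-2*eps), so the cost grows as 1/q^2 with fault inaccuracy and
    blows up as tau -> 1/2.
    """
    eps = 2 * tau * (1 - tau)
    margin = q * (1 - 2 * eps) / 2
    return math.ceil(math.log(1 / err) / (2 * margin * margin))


if __name__ == "__main__":
    rng = seeded(2016)
    key = rand_vec(32, rng)
    print("flip-fault statistic (key-independent):", flip_fault_bias(key, 0, 4000, rng))
    print("accurate set-fault recovers key:", set_fault_recover(key, 400, 1.0, rng) == key)
    print("samples/bit, q=1.0 vs q=0.5:", samples_per_bit(1.0, 1e-6), samples_per_bit(0.5, 1e-6))
```

The flip-fault statistic comes out the same for any key because the fault enters the inner product linearly and the adversary already knows the flipped position; the set-fault estimator does recover the key, but halving the landing probability q quadruples the samples needed per bit, and the whole attack recovers one bit per fault position rather than a full round key as in a differential fault attack on a block cipher.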

Notes

  1. Intuitively, the independence assumption is reasonable since what we require is that for each key candidate \(\mathbf k ^{*}\) there exist enough plaintexts belonging to \(\mathbb {Z}^d_2 \setminus V(\langle \mathbf x \vert \mathbf k \oplus \mathbf k ^{*}\rangle )\), with \(V(\langle \mathbf x \vert \mathbf k \oplus \mathbf k ^{*}\rangle )\) the hyperplane defined by the equation \(\langle \mathbf x \vert \mathbf k \oplus \mathbf k ^{*}\rangle =0\).

  2. Defined as the distance from the uniform probability \(\frac{1}{2}\).

References

  1. Balasch, J., Faust, S., Gierlichs, B.: Inner product masking revisited. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 486–510. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46800-5_19

  2. Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. In: Pointcheval and Johansson [29], pp. 719–737 (2012)

  3. Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)

  4. Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997). doi:10.1007/BFb0052259

  5. Blum, A., Furst, M., Kearns, M., Lipton, R.J.: Cryptographic primitives based on hard learning problems. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 278–291. Springer, Heidelberg (1994). doi:10.1007/3-540-48329-2_24

  6. Blum, A., Kalai, A., Wasserman, H.: Noise-tolerant learning, the parity problem, and the statistical query model. In: Yao, F.F., Luks, E.M. (eds.) Proceedings of the 32nd Annual ACM Symposium on Theory of Computing (STOC 2000), Portland, OR, USA, 21–23 May 2000, pp. 435–440. ACM (2000)

  7. Bogos, S., Tramèr, F., Vaudenay, S.: On solving LPN using BKW and variants. IACR Cryptology ePrint Archive, Report 2015/049 (2015)

  8. Bringer, J., Chabanne, H., Dottax, E.: HB++: a lightweight authentication protocol secure against some attacks. In: Second International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU 2006), Lyon, France, 29 June 2006, pp. 28–33 (2006)

  9. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). doi:10.1007/3-540-36400-5_3

  10. Dodis, Y., Kiltz, E., Pietrzak, K., Wichs, D.: Message authentication, revisited. In: Pointcheval and Johansson [29], pp. 355–374 (2012)

  11. Duc, A., Vaudenay, S.: HELEN: a public-key cryptosystem based on the LPN and the decisional minimal distance problems. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds.) AFRICACRYPT 2013. LNCS, vol. 7918, pp. 107–126. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38553-7_6

  12. Dziembowski, S., Faust, S.: Leakage-resilient cryptography from the inner-product extractor. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 702–721. Springer, Heidelberg (2011). doi:10.1007/978-3-642-25385-0_38

  13. Gaspar, L., Leurent, G., Standaert, F.-X.: Hardware implementation and side-channel analysis of Lapin. In: Benaloh, J. (ed.) CT-RSA 2014. LNCS, vol. 8366, pp. 206–226. Springer, Cham (2014). doi:10.1007/978-3-319-04852-9_11

  14. Gilbert, H., Robshaw, M., Sibert, H.: Active attack against HB+: a provably secure lightweight authentication protocol. Electron. Lett. 41(21), 1169–1170 (2005)

  15. Gilbert, H., Robshaw, M.J.B., Seurin, Y.: HB#: increasing the security and efficiency of HB+. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 361–378. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78967-3_21

  16. Gilbert, H., Robshaw, M.J.B., Seurin, Y.: How to encrypt with the LPN problem. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008. LNCS, vol. 5126, pp. 679–690. Springer, Heidelberg (2008). doi:10.1007/978-3-540-70583-3_55

  17. Giraud, C., Thiebeauld, H.: A survey on fault attacks. In: Quisquater, J.-J., Paradinas, P., Deswarte, Y., El Kalam, A.A. (eds.) Smart Card Research and Advanced Applications VI. IFIP, vol. 153, pp. 159–176. Springer, Heidelberg (2008). doi:10.1007/1-4020-8147-2_11

  18. Grosso, V., Standaert, F.-X., Faust, S.: Masking vs. multiparty computation: how large is the gap for AES? J. Cryptographic Eng. 4(1), 47–57 (2014)

  19. Guo, Q., Johansson, T., Löndahl, C.: Solving LPN using covering codes. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 1–20. Springer, Heidelberg (2014). doi:10.1007/978-3-662-45611-8_1

  20. Heyse, S., Kiltz, E., Lyubashevsky, V., Paar, C., Pietrzak, K.: Lapin: an efficient authentication protocol based on ring-LPN. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 346–365. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34047-5_20

  21. Hopper, N.J., Blum, M.: Secure human identification protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001). doi:10.1007/3-540-45682-1_4

  22. Joye, M., Tunstall, M. (eds.): Fault Analysis in Cryptography. Information Security and Cryptography. Springer, Heidelberg (2012)

  23. Juels, A., Weis, S.A.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005). doi:10.1007/11535218_18

  24. Kiltz, E., Pietrzak, K., Cash, D., Jain, A., Venturi, D.: Efficient authentication from hard learning problems. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 7–26. Springer, Heidelberg (2011). doi:10.1007/978-3-642-20465-4_3

  25. Levieil, É., Fouque, P.-A.: An improved LPN algorithm. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 348–359. Springer, Heidelberg (2006). doi:10.1007/11832072_24

  26. Medwed, M., Standaert, F.-X.: Extractors against side-channel attacks: weak or strong? J. Cryptographic Eng. 1(3), 231–241 (2011)

  27. Pietrzak, K.: Cryptography from learning parity with noise. In: Bieliková, M., Friedrich, G., Gottlob, G., Katzenbeisser, S., Turán, G. (eds.) SOFSEM 2012. LNCS, vol. 7147, pp. 99–114. Springer, Heidelberg (2012). doi:10.1007/978-3-642-27660-6_9

  28. Piret, G., Quisquater, J.-J.: A differential fault attack technique against SPN structures, with application to the AES and Khazad. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45238-6_7

  29. Pointcheval, D., Johansson, T. (eds.): EUROCRYPT 2012. LNCS, vol. 7237. Springer, Heidelberg (2012)

  30. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) Proceedings of the 37th Annual ACM Symposium on Theory of Computing (STOC 2005), Baltimore, MD, USA, 22–24 May 2005, pp. 84–93. ACM (2005)

  31. Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 390–406. Springer, Heidelberg (2013). doi:10.1007/978-3-642-35999-6_25

Acknowledgments

François-Xavier Standaert is a research associate of the Belgian Fund for Scientific Research (F.R.S.-FNRS). This work has been funded in parts by the ERC project 280141 and by the ARC project NANOSEC.

Author information

Corresponding author: Francesco Berti.

A Additional figures

Fig. 8. Inaccurate fault attacks against a \(n=1024\)-bit key with \(\varDelta =8\).

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Berti, F., Standaert, F.-X. (2017). An Analysis of the Learning Parity with Noise Assumption Against Fault Attacks. In: Lemke-Rust, K., Tunstall, M. (eds) Smart Card Research and Advanced Applications. CARDIS 2016. Lecture Notes in Computer Science, vol 10146. Springer, Cham. https://doi.org/10.1007/978-3-319-54669-8_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-54669-8_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-54668-1

  • Online ISBN: 978-3-319-54669-8

  • eBook Packages: Computer Science (R0)