
Fault analysis of the NTRUSign digital signature scheme

Cryptography and Communications

Abstract

We present a fault analysis of the NTRUSign digital signature scheme. The fault model assumes an attacker who can fault a small number of coefficients of a specific polynomial during the signing process but cannot control the exact location of the injected transient faults. For NTRUSign with parameters (N, q = p^l, \(\mathcal{B}\), standard, \(\mathcal{N}\)), when the attacker is able to skip the norm-bound signature checking step, our attack needs one fault, succeeds with probability \(\approx 1-\frac{1}{p}\) and requires \(O((qN)^t)\) steps when the number of faulted polynomial coefficients is upper bounded by t. The attack also applies to NTRUSign built on the transpose NTRU lattice, but there it requires twice as many fault injections. Different countermeasures against the proposed attack are investigated.
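The setting described in the abstract (one uncontrolled transient fault in a signing intermediate, the norm-bound check skipped, an \(O((qN)^t)\) enumeration that succeeds with probability about \(1-1/p\)) can be exercised on a toy instance. The Python below is an added example written for this page, not code from the paper or from NTRU Cryptosystems. It assumes small parameters (N = 7, q = 2^7 = 128), a simplified NTRUSign signer without perturbations, a key completion (F, G) built from rational inverses instead of the resultant method, and that the faulted intermediate is the rounded Babai coordinate that multiplies f; which polynomial the paper actually targets is not stated on this page, so that choice is the example's own.

```python
import random
from fractions import Fraction
from functools import reduce
from math import gcd

# Toy parameters (assumption). Real NTRUSign uses N = 251, q = 128; q = p^l as in the abstract.
N, P, L = 7, 2, 7
Q = P ** L


def mul(a, b, mod=None):
    """Convolution product in Z[x]/(x^N - 1), optionally reduced mod `mod`."""
    c = [0] * N
    for i, ai in enumerate(a):
        if ai:
            for j, bj in enumerate(b):
                c[(i + j) % N] += ai * bj
    return [x % mod for x in c] if mod else c


def centre(a):
    """Coefficients as representatives in (-q/2, q/2]."""
    return [r if r <= Q // 2 else r - Q for r in (x % Q for x in a)]


def inverse_rational(f):
    """Inverse of f in Q[x]/(x^N - 1) by exact Gaussian elimination; None if not invertible."""
    m = [[Fraction(f[(i - j) % N]) for j in range(N)] + [Fraction(int(i == 0))] for i in range(N)]
    for col in range(N):
        piv = next((r for r in range(col, N) if m[r][col] != 0), None)
        if piv is None:
            return None
        m[col], m[piv] = m[piv], m[col]
        m[col] = [x / m[col][col] for x in m[col]]
        for r in range(N):
            if r != col and m[r][col] != 0:
                m[r] = [x - m[r][col] * y for x, y in zip(m[r], m[col])]
    return [row[N] for row in m]


def bezout(a, b):
    """(x, y) with a*x + b*y = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        qt, a, b = a // b, b, a % b
        x0, x1, y0, y1 = x1, x0 - qt * x1, y1, y0 - qt * y1
    return x0, y0


def keygen(seed):
    """Ternary f, g; h = f^-1 * g mod q; completion (F, G) with f*G - g*F = q (not size-reduced,
    which is irrelevant here because the norm-bound check is the step the attacker skips)."""
    rng = random.Random(seed)
    while True:
        f = [rng.choice((-1, 0, 1)) for _ in range(N)]
        g = [rng.choice((-1, 0, 1)) for _ in range(N)]
        uf, ug = inverse_rational(f), inverse_rational(g)
        if uf is None or ug is None:
            continue
        df = reduce(lambda x, y: x * y // gcd(x, y), (u.denominator for u in uf), 1)
        dg = reduce(lambda x, y: x * y // gcd(x, y), (u.denominator for u in ug), 1)
        if gcd(df, Q) != 1 or gcd(df, dg) != 1:
            continue
        rho_f = [int(u * df) for u in uf]  # rho_f * f = df
        rho_g = [int(u * dg) for u in ug]  # rho_g * g = dg
        a, b = bezout(df, dg)              # a*df + b*dg = 1
        F, G = [-Q * b * x for x in rho_g], [Q * a * x for x in rho_f]
        assert [x - y for x, y in zip(mul(f, G), mul(g, F))] == [Q] + [0] * (N - 1)
        h = [x * pow(df, -1, Q) % Q for x in mul(g, rho_f)]
        return {"f": f, "g": g, "F": F, "G": G, "h": h}


def sign(m, key, fault=None):
    """Babai rounding of (0, m) in the private basis {(f, g), (F, G)}: s = A*f + B*F mod q.
    fault=(k, c) models one transient fault adding c to coefficient k of A (assumed target)."""
    f, F = key["f"], key["F"]
    A = [round(Fraction(-x, Q)) for x in mul(m, F)]  # (0, m) * basis^-1 = (-m*F, m*f) / q
    B = [round(Fraction(x, Q)) for x in mul(m, f)]
    if fault is not None:
        k, c = fault
        A[k] += c
    return [(x + y) % Q for x, y in zip(mul(A, f), mul(B, F))]


def recover(s_good, s_bad, h):
    """Attacker, t = 1: s_bad - s_good = c*x^k*f mod q for unknown (k, c). Enumerate the (q-1)*N
    pairs and accept a ternary candidate whose g = cand*h mod q is ternary. Fails when
    gcd(c, q) > 1, i.e. with probability about 1/p."""
    diff = [(x - y) % Q for x, y in zip(s_bad, s_good)]
    for c in range(1, Q):
        if gcd(c, Q) != 1:
            continue
        cinv = pow(c, -1, Q)
        for k in range(N):
            cand = centre([cinv * diff[(i + k) % N] for i in range(N)])  # undo c and x^k
            if all(x in (-1, 0, 1) for x in cand) and all(x in (-1, 0, 1) for x in centre(mul(cand, h, Q))):
                return cand
    return None


def same_key(cand, f):
    """cand == ±x^j * f: (±x^j f, ±x^j g) gives the same h, so it is an equivalent private key."""
    return any(cand == [s * f[(i - j) % N] for i in range(N)] for j in range(N) for s in (1, -1))


def success_rate(trials, seed=1):
    """Empirical success over random uncontrolled single-coefficient faults; expect about 1 - 1/p."""
    rng = random.Random(seed)
    key = keygen(seed)
    m = [rng.randrange(Q) for _ in range(N)]  # constructed message digest
    good = sign(m, key)
    wins = 0
    for _ in range(trials):
        cand = recover(good, sign(m, key, (rng.randrange(N), rng.randrange(1, Q))), key["h"])
        wins += cand is not None and same_key(cand, key["f"])
    return wins / trials


if __name__ == "__main__":
    print(f"p = {P}: expected about {1 - 1 / P:.2f}, observed {success_rate(300):.2f}")
```

Running the block prints the observed success rate for random single-coefficient faults, which tracks \(1-1/p = 1/2\) for q = 2^7 because recovery divides by the injected fault value c, and c is invertible mod q exactly when p does not divide it. The (q-1)·N loop in `recover` is the t = 1 instance of the \(O((qN)^t)\) enumeration; for larger t the attacker guesses t positions and t values instead. A signer that performs the norm-bound check would reject the faulted signature, since the added term c·x^k·f is far from the lattice point the honest rounding produced, which is why the abstract's setting requires that check to be skipped.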



Acknowledgements

The authors would like to thank the anonymous reviewers for their valuable comments and suggestions that helped improve the quality of the paper. This work is supported in part by the Natural Sciences and Engineering Research Council of Canada.


Correspondence to Amr M. Youssef.


Cite this article

Kamal, A.A., Youssef, A.M. Fault analysis of the NTRUSign digital signature scheme. Cryptogr. Commun. 4, 131–144 (2012). https://doi.org/10.1007/s12095-011-0061-3
