# Fault analysis of the NTRUSign digital signature scheme

@article{Kamal2011FaultAO, title={Fault analysis of the NTRUSign digital signature scheme}, author={Abdel Alim Kamal and Amr M. Youssef}, journal={Cryptography and Communications}, year={2011}, volume={4}, pages={131-144} }

We present a fault analysis of the NTRUSign digital signature scheme. The utilized fault model is the one in which the attacker is assumed to be able to fault a small number of coefficients in a specific polynomial during the signing process but cannot control the exact location of the injected transient faults. For NTRUSign with parameters (N, $q = p^l$, $\mathcal{B}$, standard, $\mathcal{N}$), when the attacker is able to skip the norm-bound signature checking step, our attack needs one fault…

## 14 Citations

Fault analysis-resistant implementation of Rainbow Signature scheme

- Computer Science, Mathematics
- 2017 29th International Conference on Microelectronics (ICM)
- 2017

This paper proposes and compares two fault analysis-resistant implementations of the Rainbow signature scheme, which offer different levels of protection and increase the area overhead by 33% and 9%, respectively.

Cryptanalysis and Secure Implementation of Modern Cryptographic Algorithms

- Computer Science, Mathematics
- 2012

An off-the-shelf SAT solver is investigated to improve the recovery of Advanced Encryption Standard (AES-128) keys from the corresponding decayed memory images of their key schedules, which can be obtained using cold-boot attacks.

Loop abort Faults on Lattice-Based Fiat-Shamir & Hash'n Sign signatures

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2016

Several possible fault attacks against some instances of the Fiat-Shamir family of signature schemes on lattices, and against the GPV scheme, a member of the Hash'n Sign family, are presented.

Loop-Abort Faults on Lattice-Based Signature Schemes and Key Exchange Protocols

- Computer Science, Mathematics
- IEEE Transactions on Computers
- 2018

This paper presents several fault attacks against those schemes that recover the entire key with only a few faulty executions, shows that those attacks can be mounted in practice based on concrete experiments in hardware, and discusses possible countermeasures against them.

Strengthening hardware implementations of NTRUEncrypt against fault analysis attacks

- Computer Science, Mathematics
- Journal of Cryptographic Engineering
- 2013

Several techniques to strengthen hardware implementations of NTRUEncrypt against fault analysis attacks are investigated; the algebraic structure of the cipher is utilized to propose several countermeasures based on error detection checksum codes and on spatial/temporal redundancy.

Fault Sensitivity Analysis of Lattice-Based Post-Quantum Cryptographic Components

- Computer Science, Mathematics
- SAMOS
- 2019

Fault sensitivity analysis (FSA) is applied to circuit blocks used in lattice-based cryptographic implementations and to a representative complete post-quantum algorithm, which is the most complex cryptographic implementation broken by FSA so far and the first such PQC implementation.

Special session: hampering fault attacks against lattice-based signature schemes - countermeasures and their efficiency

- Computer Science, Mathematics
- 2017 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS)
- 2017

This work performs an exhaustive literature review of fault attacks on lattice-based encryption and signature schemes, provides a complete overview of the suggested countermeasures, and analyzes which of the proposed attacks can be prevented by each countermeasure.

Physical Protection of Lattice-Based Cryptography: Challenges and Solutions

- Computer Science, Mathematics
- ACM Great Lakes Symposium on VLSI
- 2018

The state of the art in side channel attacks (SCA), both invasive and passive, and the proposed countermeasures are surveyed, addressing the physical security of lattice-based cryptographic implementations.

Hampering fault attacks against lattice-based signature schemes: countermeasures and their efficiency (special session)

- Computer Science, Mathematics
- CODES+ISSS
- 2017

This work performs an exhaustive literature review of fault attacks on lattice-based encryption and signature schemes, provides a complete overview of the suggested countermeasures, and analyzes which of the proposed attacks can be prevented by each countermeasure.

Implementation Attacks on Post-Quantum Cryptographic Schemes

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2015

An exhaustive survey of research efforts in designing embedded modules for post-quantum cryptographic schemes, and of the efforts in securing these modules against implementation attacks, shows that the world is not yet ready to implement any post-quantum cryptographic scheme in practical embedded systems.

## References

Showing 1-10 of 41 references.

Fault Analysis of the NTRUEncrypt Cryptosystem

- Mathematics, Computer Science
- IEICE Trans. Fundam. Electron. Commun. Comput. Sci.
- 2011

For this specific original instantiation of the NTRU encryption system with parameters (N, p, q), the attack succeeds with probability $\approx 1 - 1/p$, and when the number of faulted coefficients is upper bounded by t, it requires $O((pN)^t)$ polynomial inversions in $\mathbb{Z}/p\mathbb{Z}[x]/(x^N - 1)$.

Cryptanalysis of the Revised NTRU Signature Scheme

- Computer Science, Mathematics
- EUROCRYPT
- 2002

A three-stage attack against Revised NSS, an NTRU-based signature scheme, shows that a passive adversary observing only a few valid signatures can recover the signer's entire private key in polynomial time.

Why One Should Also Secure RSA Public Key Elements

- Computer Science, Mathematics
- CHES
- 2006

This article introduces the first fault attack applied to RSA in standard mode, and concludes that it is also mandatory to protect RSA's public parameters against fault attacks.

Cryptanalysis of the NTRU Signature Scheme (NSS) from Eurocrypt 2001

- Computer Science, Mathematics
- ASIACRYPT
- 2001

It is shown that the problem on which NSS relies is much easier than anticipated; an attack is described that allows efficient forgery of a signature on any message, and it is shown that a transcript of signatures leaks information about the secret key.

Improved Fault Analysis of Signature Schemes

- Computer Science
- CARDIS
- 2010

It is proved that 34.3% fewer faulty signatures are required to recover a private key using the same fault model as Giraud and Knudsen's fault attack, which was presented at ACISP 2004.

Perturbating RSA Public Keys: An Improved Attack

- Computer Science
- CHES
- 2008

A new fault attack on RSA public elements is described under a very natural fault model; it is shown that this is a real threat for all RSA implementations, and the need to protect the public key is confirmed.

Practical Fault Countermeasures for Chinese Remaindering Based RSA (Extended Abstract)

- Computer Science
- 2005

This paper reviews known countermeasures against fault attacks and presents practical countermeasures with the following advantages: only the CRT input elements are needed, the value of the exponents e and/or d is not required, and all previously known fault attacks are covered.

On authenticated computing and RSA-based authentication

- Computer Science
- CCS '05
- 2005

A novel hardware attack against RSA-based authentication of programs is presented, showing how to make the RSA verification process accept signatures of arbitrary code signed with the authors' own self-created private key.

Weak Property of Malleability in NTRUSign

- Computer Science, Mathematics
- ACISP
- 2004

It is shown that the NTRUSign signature scheme has a malleability weakness, which means that NTRUSign is not secure against strong existential forgery, and a simple technique is proposed to avoid this flaw.

Fault Attacks for CRT Based RSA: New Attacks, New Results, and New Countermeasures

- Computer Science
- WISTP
- 2007

This paper shows that if an attacker can perform a double-fault attack, injecting the first fault during one of the exponentiations and the second to skip the error-checking routine, then the attacker can succeed in breaking RSA; it also proposes a simple and almost cost-free method to defeat this attack.