Fault analysis of the NTRUSign digital signature scheme

@article{Kamal2011FaultAO,
  title={Fault analysis of the NTRUSign digital signature scheme},
  author={Abdel Alim Kamal and Amr M. Youssef},
  journal={Cryptography and Communications},
  year={2011},
  volume={4},
  pages={131-144}
}
We present a fault analysis of the NTRUSign digital signature scheme. The utilized fault model is the one in which the attacker is assumed to be able to fault a small number of coefficients in a specific polynomial during the signing process but cannot control the exact location of the injected transient faults. For NTRUSign with parameters $(N, q = p^l, \mathcal{B}, \text{standard}, \mathcal{N})$, when the attacker is able to skip the norm-bound signature checking step, our attack needs one fault…


Fault analysis-resistant implementation of Rainbow Signature scheme
TLDR
This paper proposes and compares two fault analysis-resistant implementations for the Rainbow signature scheme; they offer different levels of protection and increase the area overhead by 33% and 9%, respectively.
Cryptanalysis and Secure Implementation of Modern Cryptographic Algorithms
TLDR
An off-the-shelf SAT solver is investigated to improve the key recovery of the Advance Encryption Standard (AES-128) key schedules from its corresponding decayed memory images which can be obtained using cold-boot attacks.
Loop abort Faults on Lattice-Based Fiat-Shamir & Hash'n Sign signatures
TLDR
Several possible fault attacks are presented against some instances of the Fiat-Shamir family of signature schemes on lattices and against the GPV scheme, a member of the Hash'n Sign family.
Loop-Abort Faults on Lattice-Based Signature Schemes and Key Exchange Protocols
TLDR
This paper presents several fault attacks against those schemes that recover the entire key with only a few faulty executions, shows that those attacks can be mounted in practice based on concrete experiments in hardware, and discusses possible countermeasures against them.
Strengthening hardware implementations of NTRUEncrypt against fault analysis attacks
TLDR
Several techniques to strengthen hardware implementations of NTRUEncrypt against fault analysis attacks are investigated, by utilizing the algebraic structure of the cipher to propose several countermeasures based on error detection checksum codes, and spatial/temporal redundancies.
Fault Sensitivity Analysis of Lattice-Based Post-Quantum Cryptographic Components
TLDR
This work presents a fault sensitivity analysis (FSA) of circuit blocks used in lattice-based cryptographic implementations and of a representative complete post-quantum algorithm, which is the most complex cryptographic implementation so far broken by FSA and the first such PQC implementation.
Special session: hampering fault attacks against lattice-based signature schemes - countermeasures and their efficiency
TLDR
This work performs an exhaustive literature review of fault attacks on lattice-based encryption and signature schemes, provides a complete overview of suggested countermeasures, and analyzes which of the proposed attacks can be prevented by the respective countermeasures.
Physical Protection of Lattice-Based Cryptography: Challenges and Solutions
TLDR
The state-of-the-art in terms of side channel attacks (SCA), both invasive and passive attacks, and proposed countermeasures are surveyed, i.e., addressing the physical security of lattice-based cryptographic implementations.
Hampering fault attacks against lattice-based signature schemes: countermeasures and their efficiency (special session)
TLDR
This work performs an exhaustive literature review of fault attacks on lattice-based encryption and signature schemes, provides a complete overview of suggested countermeasures, and analyzes which of the proposed attacks can be prevented by the respective countermeasures.
Implementation Attacks on Post-Quantum Cryptographic Schemes
TLDR
An exhaustive survey of research efforts in designing embedded modules for post-quantum cryptographic schemes, and of the efforts in securing these modules against implementation attacks, shows that the world is not yet ready to implement any post-quantum cryptographic scheme in practical embedded systems.

References

Fault Analysis of the NTRUEncrypt Cryptosystem
  • A. A. Kamal, A. Youssef
  • Mathematics, Computer Science
    IEICE Trans. Fundam. Electron. Commun. Comput. Sci.
  • 2011
TLDR
For this specific original instantiation of the NTRU encryption system with parameters $(N, p, q)$, the attack succeeds with probability $\approx 1 - 1/p$, and when the number of faulted coefficients is upper bounded by $t$, it requires $O((pN)^t)$ polynomial inversions in $\mathbb{Z}/p\mathbb{Z}[x]/(x^N - 1)$.
Cryptanalysis of the Revised NTRU Signature Scheme
TLDR
A three-stage attack against Revised NSS, an NTRU-based signature scheme, shows that a passive adversary observing only a few valid signatures can recover the signer's entire private key in polynomial time.
Why One Should Also Secure RSA Public Key Elements
TLDR
This article introduces the first fault attack applied on RSA in standard mode, and concludes that it is also mandatory to protect RSA’s public parameters against fault attacks.
Cryptanalysis of the NTRU Signature Scheme (NSS) from Eurocrypt 2001
TLDR
It is shown that the problem on which NSS relies is much easier than anticipated, and an attack is described that allows efficient forgery of a signature on any message, and that a transcript of signatures leaks information about the secret key.
Improved Fault Analysis of Signature Schemes
TLDR
It is proved that 34.3% less faulty signatures are required to recover a private key using the same fault model as Giraud and Knudsen's fault attack, which was presented at ACISP 2004.
Perturbating RSA Public Keys: An Improved Attack
TLDR
A new fault attack on RSA public elements is described under a very natural fault model, and it is shown that this is a real threat for all RSA implementations, and the need for protection of the public key is confirmed.
Practical Fault Countermeasures for Chinese Remaindering Based RSA (Extended Abstract)
TLDR
This paper reviews known countermeasures against fault attacks and presents practical countermeasures which feature the following advantages: only CRT input elements are needed, the value of exponents e and/or d is not required, and all previously known fault attacks are covered.
On authenticated computing and RSA-based authentication
TLDR
A novel hardware attack against RSA-based authentication of programs is presented, showing how to make the RSA verification process accept signatures of arbitrary code signed with the authors' own self-created private key.
Weak Property of Malleability in NTRUSign
TLDR
It is shown that the NTRUSign signature scheme contains the weakness of malleability, which means that NTRUSign is not secure against strong existential forgery, and a simple technique is proposed to avoid this flaw.
Fault Attacks for CRT Based RSA: New Attacks, New Results, and New Countermeasures
TLDR
This paper shows that if an attacker can mount a double-fault attack, injecting the first fault during one of the exponentiations and the second to skip the error-checking routine, then they can succeed in breaking RSA; it proposes a simple and almost cost-free method to defeat this.