Skip to main content

A Differential Fault Attack Against Deterministic Falcon Signatures

  • Conference paper
  • First Online:
Smart Card Research and Advanced Applications (CARDIS 2023)

Abstract

We describe a fault attack against the deterministic variant of the \(\textsc {Falcon}\) signature scheme. It is the first fault attack that exploits specific properties of deterministic \(\textsc {Falcon}\). The attack works under a very relaxed and realistic single fault random model. The main idea is to inject a fault into the pseudo-random generator of the pre-image trapdoor sampler, generate different signatures for the same input, find reasonably short lattice vectors this way, and finally use lattice reduction techniques to obtain the private key. We investigate the relationship between fault location, the number of faults, computational effort for a possibly remaining exhaustive search step and success probability.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 49.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 64.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    In practice, the coefficients of the polynomials f and g are generated following a discrete Gaussian distribution with center 0 and standard deviation \(\sigma =1.17\sqrt{q/2n}\).

  2. 2.

    commit 02a2a64c44147775e6870b2d957f2cfda1437895.

References

  1. Akleylek, S., Bindel, N., Buchmann, J.A., Krämer, J., Marson, G.A.: An efficient lattice-based signature scheme with provably secure instantiation. In: Pointcheval, D., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2016. LNCS, vol. 9646, pp. 44–60. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-319-31517-1_3

    Chapter  Google Scholar 

  2. Albrecht, M.R., Ducas, L., Herold, G., Kirshanova, E., Postlethwaite, E.W., Stevens, M.: The general sieve kernel and new records in lattice reduction. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part II. LNCS, vol. 11477, pp. 717–746. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-030-17656-3_25

    Chapter  Google Scholar 

  3. Ambrose, C., Bos, J.W., Fay, B., Joye, M., Lochter, M., Murray, B.: Differential attacks on deterministic signatures. In: Smart, N.P. (ed.) CT-RSA 2018. LNCS, vol. 10808, pp. 339–353. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-319-76953-0_18

    Chapter  Google Scholar 

  4. Barenghi, A., Pelosi, G.: A note on fault attacks against deterministic signature schemes. In: Ogawa, K., Yoshioka, K. (eds.) IWSEC 16. LNCS, vol. 9836, pp. 182–192. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-319-44524-3_11

    Chapter  Google Scholar 

  5. Bindel, N., et al.: qTESLA. Technical report, National Institute of Standards and Technology (2017). https://csrc.nist.gov/projects/post-quantum-cryptography/round-1-submissions

  6. Bindel, N., Buchmann, J., Krämer, J.: Lattice-based signature schemes and their sensitivity to fault attacks. In: 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2016, Santa Barbara, CA, USA, 16 August 2016, pp. 63–77. IEEE Computer Society (2016). https://doi.org/10.1109/FDTC.2016.11

  7. Bruinderink, L.G., Pessl, P.: Differential fault attacks on deterministic lattice signatures. IACR TCHES 2018(3), 21–43 (2018). https://doi.org/10.13154/tches.v2018.i3.21-43. https://tches.iacr.org/index.php/TCHES/article/view/7267

  8. Cao, W., Shi, H., Chen, H., Chen, J., Fan, L., Wu, W.: Lattice-based fault attacks on deterministic signature schemes of ECDSA and EDDSA. In: Galbraith, S.D. (ed.) Topics in Cryptology - CT-RSA 2022. Lecture Notes in Computer Science, vol. 13161, pp. 169–195. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-95312-6_8

    Chapter  Google Scholar 

  9. Chuengsatiansup, C., Prest, T., Stehlé, D., Wallet, A., Xagawa, K.: ModFalcon: compact signatures based on module NTRU lattices. Cryptology ePrint Archive, Report 2019/1456 (2019). https://eprint.iacr.org/2019/1456

  10. Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice signatures and bimodal Gaussians. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 40–56. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_3

    Chapter  Google Scholar 

  11. Ducas, L., Lyubashevsky, V., Prest, T.: Efficient identity-based encryption over NTRU lattices. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part II. LNCS, vol. 8874, pp. 22–41. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_2

    Chapter  Google Scholar 

  12. Espitau, T., Fouque, P.A., Gérard, B., Tibouchi, M.: Loop-abort faults on lattice-based Fiat-Shamir and hash-and-sign signatures. In: Avanzi, R., Heys, H.M. (eds.) SAC 2016. LNCS, vol. 10532, pp. 140–158. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-319-69453-5_8

    Chapter  Google Scholar 

  13. Espitau, T., et al.: Mitaka: a simpler, parallelizable, maskable variant of falcon. Cryptology ePrint Archive, Report 2021/1486 (2021). https://eprint.iacr.org/2021/1486

  14. Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. Cryptology ePrint Archive, Report 2007/432 (2007). https://eprint.iacr.org/2007/432

  15. Guillen, O.M., Gruber, M., De Santis, F.: Low-cost setup for localized semi-invasive optical fault injection attacks - how low can we go? In: Guilley, S. (ed.) COSADE 2017. LNCS, vol. 10348, pp. 207–222. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-64647-3_13

    Chapter  Google Scholar 

  16. Güneysu, T., Lyubashevsky, V., Pöppelmann, T.: Practical lattice-based cryptography: a signature scheme for embedded systems. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 530–547. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_31

    Chapter  Google Scholar 

  17. Hulsing, A., et al.: SPHINCS+. Technical report, National Institute of Standards and Technology (2022). https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022

  18. Lazar, D., Peikert, C., algoidan: Deterministic falcon implementation. https://github.com/algorand/falcon. Accessed 17 Nov 2022

  19. Lu, X., Zhang, Z., Au, M.H.: Practical signatures from the partial Fourier recovery problem revisited: a provably-secure and Gaussian-distributed construction. In: Susilo, W., Yang, G. (eds.) ACISP 2018. LNCS, vol. 10946, pp. 813–820. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-319-93638-3_50

    Chapter  Google Scholar 

  20. Lyubashevsky, V., et al.: CRYSTALS-DILITHIUM. Technical report, National Institute of Standards and Technology (2017). https://csrc.nist.gov/projects/post-quantum-cryptography/round-1-submissions

  21. Lyubashevsky, V., et al.: CRYSTALS-DILITHIUM. Technical report, National Institute of Standards and Technology (2022). https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022

  22. McCarthy, S., Howe, J., Smyth, N., Brannigan, S., O’Neill, M.: BEARZ attack FALCON: Implementation attacks with countermeasures on the FALCON signature scheme. Cryptology ePrint Archive, Report 2019/478 (2019). https://eprint.iacr.org/2019/478

  23. NIST: NIST announces first four quantum-resistant cryptographic algorithms. https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms (2022). Accessed 21 Dec 2022

  24. Poddebniak, D., Somorovsky, J., Schinzel, S., Lochter, M., Rösler, P.: Attacking deterministic signature schemes using fault attacks. Cryptology ePrint Archive, Report 2017/1014 (2017). https://eprint.iacr.org/2017/1014

  25. Poddebniak, D., Somorovsky, J., Schinzel, S., Lochter, M., Rösler, P.: Attacking deterministic signature schemes using fault attacks. In: 2018 IEEE European Symposium on Security and Privacy, EuroS &P 2018, London, United Kingdom, 24–26 April 2018, pp. 338–352. IEEE (2018). https://doi.org/10.1109/EuroSP.2018.00031

  26. Prest, T., ‘Dan’: falcon.py. https://github.com/tprest/falcon.py. Accessed 31 Dec 2022

  27. Prest, T., et al.: FALCON. Technical report, National Institute of Standards and Technology (2022). https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022

  28. Romailler, Y., Pelissier, S.: Practical fault attack against the ED25519 and EDDSA signature schemes. In: 2017 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2017, Taipei, Taiwan, 25 September 2017, pp. 17–24. IEEE Computer Society (2017). https://doi.org/10.1109/FDTC.2017.12

  29. Samwel, N., Batina, L.: Practical fault injection on deterministic signatures: the case of EdDSA. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 306–321. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-319-89339-6_17

    Chapter  Google Scholar 

  30. Schwabe, P., et al.: CRYSTALS-KYBER. Technical report, National Institute of Standards and Technology (2022). https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022

  31. Zeh, A., Meier, M., Rieger, V.: Parity-based concurrent error detection schemes for the ChaCha stream cipher. In: 2019 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems, DFT 2019, Noordwijk, Netherlands, 2–4 October 2019, pp. 1–4. IEEE (2019). https://doi.org/10.1109/DFT.2019.8875478

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Sven Bauer .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bauer, S., De Santis, F. (2024). A Differential Fault Attack Against Deterministic Falcon Signatures. In: Bhasin, S., Roche, T. (eds) Smart Card Research and Advanced Applications. CARDIS 2023. Lecture Notes in Computer Science, vol 14530. Springer, Cham. https://doi.org/10.1007/978-3-031-54409-5_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-54409-5_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-54408-8

  • Online ISBN: 978-3-031-54409-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics