Flush, gauss, and reload – a cache attack on the BLISS lattice-based signature scheme
dc.contributor.author | Groot Bruinderink, L.
dc.contributor.author | Hülsing, A.
dc.contributor.author | Lange, T.
dc.contributor.author | Yarom, Y.
dc.contributor.conference | 18th International Conference on Cryptographic Hardware and Embedded Systems (CHES) (17 Aug 2016 - 19 Aug 2016 : Santa Barbara, CA)
dc.contributor.editor | Gierlichs, B.
dc.contributor.editor | Poschmann, A.
dc.date.issued | 2016
dc.description | Lecture Notes in Computer Science, vol. 9813
dc.description.abstract | We present the first side-channel attack on a lattice-based signature scheme, using the Flush+Reload cache attack. The attack is targeted at the discrete Gaussian sampler, an important step in the Bimodal Lattice Signature Schemes (BLISS). After observing only 450 signatures with a perfect side-channel, an attacker is able to extract the secret BLISS-key in less than 2 minutes, with a success probability of 0.96. Similar results are achieved in a proof-of-concept implementation using the Flush+Reload technique with less than 3500 signatures. We show how to attack sampling from a discrete Gaussian using CDT or Bernoulli sampling by showing potential information leakage via cache memory. For both sampling methods, a strategy is given to use this additional information, finalize the attack and extract the secret key. We provide experimental evidence for the idealized perfect side-channel attacks and the Flush+Reload attack on two recent CPUs.
dc.description.statementofresponsibility | Leon Groot Bruinderink, Andreas Hülsing, Tanja Lange, and Yuval Yarom
dc.identifier.citation | Lecture Notes in Artificial Intelligence, 2016 / Gierlichs, B., Poschmann, A. (ed./s), vol.9813 LNCS, pp.323-345
dc.identifier.doi | 10.1007/978-3-662-53140-2_16
dc.identifier.isbn | 9783662531396
dc.identifier.issn | 0302-9743
dc.identifier.issn | 1611-3349
dc.identifier.orcid | Yarom, Y. [0000-0003-0401-4197]
dc.identifier.uri | http://hdl.handle.net/2440/108057
dc.language.iso | en
dc.publisher | Springer
dc.relation.ispartofseries | Lecture Notes in Computer Science
dc.rights | © International Association for Cryptologic Research 2016
dc.source.uri | https://doi.org/10.1007/978-3-662-53140-2_16
dc.subject | SCA; Flush+Reload; Lattices; BLISS; Discrete Gaussians
dc.title | Flush, gauss, and reload – a cache attack on the BLISS lattice-based signature scheme
dc.type | Conference paper
pubs.publication-status | Published
Files
Original bundle
- Name: RA_hdl_108057.pdf
- Size: 368.18 KB
- Format: Adobe Portable Document Format
- Description: Restricted Access