Flush, gauss, and reload – a cache attack on the BLISS lattice-based signature scheme

dc.contributor.author: Groot Bruinderink, L.
dc.contributor.author: Hülsing, A.
dc.contributor.author: Lange, T.
dc.contributor.author: Yarom, Y.
dc.contributor.conference: 18th International Conference on Cryptographic Hardware and Embedded Systems (CHES) (17 Aug 2016 - 19 Aug 2016 : Santa Barbara, CA)
dc.contributor.editor: Gierlichs, B.
dc.contributor.editor: Poschmann, A.
dc.date.issued: 2016
dc.description: Lecture Notes in Computer Science, vol. 9813
dc.description.abstract: We present the first side-channel attack on a lattice-based signature scheme, using the Flush+Reload cache attack. The attack targets the discrete Gaussian sampler, an important step in the Bimodal Lattice Signature Schemes (BLISS). After observing only 450 signatures with a perfect side-channel, an attacker is able to extract the secret BLISS key in less than 2 minutes, with a success probability of 0.96. Similar results are achieved in a proof-of-concept implementation using the Flush+Reload technique with less than 3500 signatures. We show how to attack sampling from a discrete Gaussian using CDT or Bernoulli sampling by showing potential information leakage via cache memory. For both sampling methods, a strategy is given to use this additional information, finalize the attack and extract the secret key. We provide experimental evidence for the idealized perfect side-channel attacks and the Flush+Reload attack on two recent CPUs.
dc.description.statementofresponsibility: Leon Groot Bruinderink, Andreas Hülsing, Tanja Lange, and Yuval Yarom
dc.identifier.citation: Lecture Notes in Artificial Intelligence, 2016 / Gierlichs, B., Poschmann, A. (ed./s), vol.9813 LNCS, pp.323-345
dc.identifier.doi: 10.1007/978-3-662-53140-2_16
dc.identifier.isbn: 9783662531396
dc.identifier.issn: 0302-9743
dc.identifier.issn: 1611-3349
dc.identifier.orcid: Yarom, Y. [0000-0003-0401-4197]
dc.identifier.uri: http://hdl.handle.net/2440/108057
dc.language.iso: en
dc.publisher: Springer
dc.relation.ispartofseries: Lecture Notes in Computer Science
dc.rights: © International Association for Cryptologic Research 2016
dc.source.uri: https://doi.org/10.1007/978-3-662-53140-2_16
dc.subject: SCA; Flush+Reload; Lattices; BLISS; Discrete Gaussians
dc.title: Flush, gauss, and reload – a cache attack on the BLISS lattice-based signature scheme
dc.type: Conference paper
pubs.publication-status: Published

Files

Name: RA_hdl_108057.pdf
Size: 368.18 KB
Format: Adobe Portable Document Format
Description: Restricted Access