Differential Fault Attacks on Deterministic Lattice Signatures

Leon Groot Bruinderink, Peter Pessl
2018 Transactions on Cryptographic Hardware and Embedded Systems  
We show how two deterministic lattice-based signature schemes, Dilithium and qTESLA, are vulnerable to such attacks.  ...  In this paper, we extend the applicability of differential fault attacks to lattice-based cryptography.  ...  Differential Faults on Deterministic Lattice Signatures In this section, we present our differential fault attacks on Dilithium.  ... 
doi:10.13154/tches.v2018.i3.21-43 dblp:journals/tches/BruinderinkP18 fatcat:ao3qkoxeh5ajxemjwwfkgrne4a

Lattice-based Fault Attacks against Deterministic Signatures ECDSA and EdDSA [article]

Weiqiong Cao, Hongsong Shi, Hua Chen, Wei Xi, Haoyuan Li, Limin Fan, Wenling Wu
2020 IACR Cryptology ePrint Archive  
This makes the allowed faulty bits close to the size of the signing key, and obviously bigger than that of the existing differential fault attacks.  ...  The deterministic ECDSA and EdDSA signature schemes have found plenty of applications since their publication and standardization.  ...  But the situation is not improved, since new flaws in deterministic signature algorithms have been gradually identified when considering differential fault attacks (DFA) [5, 28, 29, 30].  ... 
dblp:journals/iacr/CaoSCXLFW20 fatcat:ltngrwcvxfei5ip6weadqsmlde

Differential Fault Attack on the Stream Cipher LIZARD

MA Zhen, TIAN Tian, QI Wenfeng
2021 Chinese journal of electronics  
In this paper, we try to give a security evaluation of LIZARD stream cipher in regard to fault attacks, which, to the best of our knowledge, is the first fault analysis on LIZARD.  ...  We design a differential engine of LIZARD to track the differential trail of the keystreams. It is shown that the distributions of the keystream differences are heavily biased.  ...  The First and Second signature vectors collect the "certain" differences in the differential keystream which are deterministic to be 0 or 1.  ... 
doi:10.1049/cje.2021.04.007 fatcat:6mnhlpcfprdv7oewkr233wkofq

Attacks Against White-Box ECDSA and Discussion of Countermeasures - A Report on the WhibOx Contest 2021 [article]

Sven Bauer, Hermann Drexler, Maximilian Gebhardt, Dominik Klein, Friederike Laus, Johannes Mittmann
2022 IACR Cryptology ePrint Archive  
This paper deals with white-box implementations of the Elliptic Curve Digital Signature Algorithm (ECDSA): First, we consider attack paths to break such implementations.  ...  Then, we propose different mathematical countermeasures, mainly based on masking/blinding of sensitive variables, in order to prevent or at least make such attacks more difficult.  ...  Comparison with Previous Work Several differential fault attacks on deterministic ECDSA and EdDSA were introduced in [ABF+18], which form the foundation of our approach.  ... 
dblp:journals/iacr/BauerDGKLM22 fatcat:fqlrmlxpifgkxgd653gzjui75q

Exploiting Determinism in Lattice-based Signatures - Practical Fault Attacks on pqm4 Implementations of NIST candidates [article]

Prasanna Ravi, Mahabir Prasad Jhanwar, James Howe, Anupam Chattopadhyay, Shivam Bhasin
2019 IACR Cryptology ePrint Archive  
In this paper, we analyze the implementation level fault vulnerabilities of deterministic lattice-based signature schemes.  ...  In particular, we extend the practicality of skip-addition fault attacks through exploitation of determinism in certain variants of Dilithium (Deterministic variant) and qTESLA signature scheme (originally  ...  The first attack on deterministic lattice-based signatures was proposed by Bruinderink and Pessl [11] who developed a differential style fault attack mainly exploiting the deterministic nature of the  ... 
dblp:journals/iacr/RaviJHCB19 fatcat:gxxaxnlstvgudkqrzdkcy6su2q

Digital signature schemes with strong existential unforgeability

Jason Chia, Ji-Jian Chin, Sook-Chin Yip
2021 F1000Research  
However, the EUF-CMA model does not account for attacks such as an attacker forging a different signature on an existing message, even though the attack could be devastating in the real world and constitutes  ...  The security of DSS is analyzed through the existential unforgeability under chosen message attack (EUF-CMA) experiment which promises unforgeability of signatures on new messages even when the attacker  ...  This means that FDH-RSA signatures are deterministic.  ... 
doi:10.12688/f1000research.72910.1 fatcat:p2kobpm5zng6flvikbbyfrii6i

Breaking Ed25519 in WolfSSL [chapter]

Niels Samwel, Lejla Batina, Guido Bertoni, Joan Daemen, Ruggero Susella
2018 Lecture Notes in Computer Science  
We apply differential power analysis (DPA) on the underlying hash function, SHA-512, requiring only 4 000 traces.  ...  Ed25519 is an instance of the Elliptic Curve based signature scheme EdDSA that was recently introduced to solve an inconvenience of the more established ECDSA.  ...  The authors rely on the idea to "generate random signatures in a secretly deterministic way" such that "different messages lead to different, hard-to-predict values of ephemeral key r".  ... 
doi:10.1007/978-3-319-76953-0_1 fatcat:vpxe3i4n7jgozb4npadi5iwh7y

Image Authentication using RSA and Chaotic Map

Chitra Solanki, Madhu Sharma
2015 International Journal of Computer Applications  
using it on image rather than text [2].  ...  In 2014, Chin-Chen Chang, Chin-Yu Sun, and Shih-Chang Chang has given a similar designed certificateless-based signature scheme based on RSA operations; however, their scheme is modified and improved by  ...  Differential attack One minor change in the plain image causes large changes in the cipher image then differential analysis may become useless.  ... 
doi:10.5120/20835-3399 fatcat:cjwqay2v6rh6jklelddeoedc2e

Page 3402 of Mathematical Reviews Vol. , Issue 98E [page]

1998 Mathematical Reviews  
The first property means that the opening protocol consists of the entity A sending one message to B, and where B’s verification is deterministic.  ...  It is shown that, when randomly generated substitution boxes (s-boxes) are used in a CAST-like encryption algorithm, the resulting cipher is resistant to both the linear attack and the differential attack  ... 

Page 3824 of Mathematical Reviews Vol. , Issue 2000e [page]

2000 Mathematical Reviews  
They are deterministic and the size of a signature is much smaller than that of a signature in Rabin’s scheme.  ...  chosen higher order differences (106-117); Kazumaro Aoki, On maximum non-averaged differential probability (118-130); S.  ... 

Ring signature scheme based on multivariate public key cryptosystems

Shangping Wang, Rui Ma, Yaling Zhang, Xiaofeng Wang
2011 Computers and Mathematics with Applications  
Our ring signature scheme has a great advantage in efficiency compared to many existing ring signature schemes, and currently it seems to be immune to quantum computing attacks.  ...  Multivariate public key cryptosystems (MPKCs) is one of the promising alternatives which may resist future quantum computing attacks.  ...  Differential attacks, and so on.  ... 
doi:10.1016/j.camwa.2011.09.052 fatcat:nmasjynaoncibou73c3wsqvp5i

Aggregation of Trustworthy Announcement Messages in Vehicular Ad Hoc Networks

Alexandre Viejo, Francesc Sebe, Josep Domingo-Ferrer
2009 VTC Spring 2009 - IEEE 69th Vehicular Technology Conference  
Internal attacks are thwarted by using an endorsement mechanism based on multisignatures.  ...  A new system for vehicle-generated announcements is presented that is secure against external and internal attackers attempting to send fake messages.  ...  signature on it.  ... 
doi:10.1109/vetecs.2009.5073371 dblp:conf/vtc/ViejoSD09 fatcat:wtybcp2gprefblzrtl73efipau

Generic Attacks and the Security of Quartz [chapter]

Nicolas T. Courtois
2002 Lecture Notes in Computer Science  
On one hand, we present generic attacks on such schemes. On the other hand, we study the possibility to prove or justify the security with some well chosen assumptions.  ...  The signature scheme Quartz is based on a trapdoor function G belonging to a family called HFEv-.  ...  Then the exact security of the differential signature scheme for no-message attacks is K ) .  ... 
doi:10.1007/3-540-36288-6_26 fatcat:jr24hl5jr5byzfp2ol76ojp4e4

Malicious Hashing: Eve's Variant of SHA-1 [chapter]

Ange Albertini, Jean-Philippe Aumasson, Maria Eichlseder, Florian Mendel, Martin Schläffer
2014 Lecture Notes in Computer Science  
Modified versions of cryptographic standards are typically used on closed systems (e.g., in pay-TV, media and gaming platforms) and aim to differentiate cryptographic components across customers or services  ...  Our malicious SHA-1 instances have round constants that differ from the original ones in only 40 bits (on average).  ...  A high-level overview of such a differential attack on SHA-1 is given as follows: 1.  ... 
doi:10.1007/978-3-319-13051-4_1 fatcat:qpzc4drqw5fkxbz25qnobr62fi

Confidential Signatures and Deterministic Signcryption [chapter]

Alexander W. Dent, Marc Fischlin, Mark Manulis, Martijn Stam, Dominique Schröder
2010 Lecture Notes in Computer Science  
Finally, we show that one can derandomize any signcryption scheme in our model and obtain a secure deterministic scheme.  ...  Our definitions are based on previous efforts for highly-entropic, deterministic public-key encryption [3], and yield three versions of confidential signature schemes: -Weak confidentiality means that  ...  Acknowledgements The authors wish to thank the ECRYPT II MAYA working group on the design and analysis of primitives and protocols for interesting preliminary discussions on this topic.  ... 
doi:10.1007/978-3-642-13013-7_27 fatcat:uyq6c7vdl5bm5ofpjujwsnsbx4