Internet Archive Scholar

Recovering Rainbow's Secret Key with a First-Order Fault Attack [article]

Thomas Aulbach, Tobias Kovats, Juliane Krämer, Soundes Marzougui
2022 IACR Cryptology ePrint Archive  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (386.3 kB)
https://web.archive.org/web/20220523135600/https://eprint.iacr.org/2022/632.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL. The file type is application/pdf.

Rainbow, a multivariate digital signature scheme and third round finalist in NIST's PQC standardization process, is a layered version of the unbalanced oil and vinegar (UOV) scheme. We introduce two fault attacks, each focusing on one of the secret linear transformations T and S used to hide the structure of the central map in Rainbow. The first fault attack reveals a part of T and we prove that this is enough to achieve a full key recovery with negligible computational effort for all parameter
more » ... sets of Rainbow. The second one unveils S, which can be extended to a full key recovery by the Kipnis-Shamir attack. Our work exposes the secret transformations used in multivariate signature schemes as an important attack vector for physical attacks, which need further protection. Our attacks target the optimized Cortex-M4 implementation and require only first-order instruction skips and a moderate amount of faulted signatures.
dblp:journals/iacr/AulbachKKM22 fatcat:lp55xp2ks5hf3gmmhnb5v2wfvm
Citation

Thomas Aulbach, Tobias Kovats, Juliane Krämer, Soundes Marzougui. "Recovering Rainbow's Secret Key with a First-Order Fault Attack." IACR Cryptology ePrint Archive (2022) 632