filmov
tv
COSIC seminar 'Signature Correction Attacks on Post-quantum Schemes' (Berk Sunar)
Показать описание
COSIC seminar – Signature Correction Attacks on Post-quantum Schemes – Berk Sunar (Worcester Polytechnic Institute)
After a six year long competition in July the US NIST announced the first four quantum resistant algorithms considered for standardization: Crystals-Kyber is a KEM, and signature schemes Crystals-Dilithium, Falcon and SPHINCS+. As companies prepare to deploy these newly standardized schemes, it becomes essential to secure implementations against side-channel attacks. Indeed many NIST submissions already included constant-time implementations for this very reason.
In this talk we outline a new class of fault injection attacks, collectively called Signature Correction Attacks (SCA), targeting post-quantum signature schemes. While SCA works with many fault mechanisms, it becomes especially effective on platforms vulnerable to Rowhammer thus yielding a software only attack. We outline two SCA attack results targeting LUOV and Crystals-Dilithium using Rowhammer on their reference implementations. We also outline the additional processing steps required to amplify the recovered partial information to full key recovery.
After a six year long competition in July the US NIST announced the first four quantum resistant algorithms considered for standardization: Crystals-Kyber is a KEM, and signature schemes Crystals-Dilithium, Falcon and SPHINCS+. As companies prepare to deploy these newly standardized schemes, it becomes essential to secure implementations against side-channel attacks. Indeed many NIST submissions already included constant-time implementations for this very reason.
In this talk we outline a new class of fault injection attacks, collectively called Signature Correction Attacks (SCA), targeting post-quantum signature schemes. While SCA works with many fault mechanisms, it becomes especially effective on platforms vulnerable to Rowhammer thus yielding a software only attack. We outline two SCA attack results targeting LUOV and Crystals-Dilithium using Rowhammer on their reference implementations. We also outline the additional processing steps required to amplify the recovered partial information to full key recovery.
0:44:47
0:37:07
0:20:44
2:00:19
0:59:51
0:23:59
0:17:30
0:38:43
0:16:57
0:46:43
0:34:53
1:11:57
0:55:07
1:13:22
0:18:45
0:25:38
0:46:09
0:40:19
1:01:04
0:53:50
0:16:41
0:56:12
1:02:40
0:22:44