
IACR Trans. Cryptogr. Hardw. Embed. Syst.: Latest Publications

A Multi-Party Functional Signatures Scheme for Private Blockchain
Pub Date : 2023-04-12 DOI: 10.3390/cryptography7020021
Quan Zhou, Yulong Zheng, Kaijun Wei, Minhui Chen, Zhikang Zeng
Digital signature technology is essential for ensuring the authenticity and unforgeability of transactions in a private blockchain framework. In some scenarios, transactions require verification from multiple parties, each of whom needs to authenticate different parts of the transaction. To address this issue, researchers have developed multi-party ECDSA (Elliptic Curve Digital Signature Algorithm) signature schemes. However, these schemes either need to consider the authentication of different parts of the transaction or generate an aggregated signature. This paper proposes a novel solution that combines functional signatures and multi-party ECDSA signatures to create a multi-party functional signature for private blockchains. Compared to previous constructions, the proposed scheme ensures that each part of the transaction is verified. Furthermore, when the aggregate signature of the entire transaction cannot be verified, this scheme identifies the specific part of the transaction for which the signature authentication fails instead of rejecting the entire transaction. This paper uses a smart contract to securely deploy the proposed scheme and authenticate the f in functional signatures. The constructed scheme also provides security under the existential unforgeability of the ECDSA signature, even if n−1 parties are corrupted, assuming a total of n parties. The scheme of this paper successfully conducted experiments on a personal computer, with three users taking approximately 343 ms, six users taking 552 ms, and nine users taking 791 ms.
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 36 1, page 21. Publication type: Journal Article. Semantic Scholar paper id: 78186856.
Citations: 1
Protecting Digital Images Using Keys Enhanced by 2D Chaotic Logistic Maps
Pub Date : 2023-04-07 DOI: 10.3390/cryptography7020020
M. Abu-Faraj, Abeer Y. Al-Hyari, C. Obimbo, Khaled Aldebei, Ismail Altaharwa, Z. Alqadi, Orabe Almanaseer
This research paper presents a novel digital color image encryption approach that ensures high-level security while remaining simple and efficient. The proposed method utilizes a composite key r and x of 128-bits to create a small in-dimension private key (a chaotic map), which is then resized to match the color matrix dimension. The proposed method is uncomplicated and can be applied to any image without any modification. Image quality, sensitivity analysis, security analysis, correlation analysis, quality analysis, speed analysis, and attack robustness analysis are conducted to prove the efficiency and security aspects of the proposed method. The speed analysis shows that the proposed method improves the performance of image cryptography by minimizing encryption–decryption time and maximizing the throughput of the process of color cryptography. The results demonstrate that the proposed method provides better throughput than existing methods. Overall, this research paper provides a new approach to digital color image encryption that is highly secure, efficient, and applicable to various images.
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 76 1, page 20. Publication type: Journal Article. Semantic Scholar paper id: 79321441.
Citations: 2
Algebraic Cryptanalysis with MRHS Equations
Pub Date : 2023-04-04 DOI: 10.3390/cryptography7020019
Pavol Zajac
In this work, we survey the existing research in the area of algebraic cryptanalysis based on Multiple Right-Hand Sides (MRHS) equations (MRHS cryptanalysis). An MRHS equation is a formal inclusion that contains linear combinations of variables on the left-hand side, and a potential set of values for these combinations on the right-hand side. We describe MRHS equation systems in detail, including the evolution of this representation. Then we provide an overview of the methods that can be used to solve MRHS equation systems. Finally, we explore the use of MRHS equation systems in algebraic cryptanalysis and survey existing experimental results.
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 2 1, page 19. Publication type: Journal Article. Semantic Scholar paper id: 85328320.
Citations: 2
A Novel FPGA Implementation of the NAND-PUF with Minimal Resource Usage and High Reliability
Pub Date : 2023-04-03 DOI: 10.3390/cryptography7020018
Riccardo Della Sala, G. Scotti
In this work we propose a novel implementation on recent Xilinx FPGA platforms of a PUF architecture based on the NAND SR-latch (referred to as NAND-PUF in the following) which achieves an extremely low resource usage with very good overall performance. More specifically, a 4-bit NAND-PUF macro has been designed referring to the Artix-7 platform, occupying only 2 slices. The optimum excitation sequence has been determined by analysing the reliability versus the excitation time of the PUF cells under supply voltage variations. A 128-bit NAND-PUF has been tested on 16 FPGA boards under supply voltage and temperature variations, and measured performances have been compared against state-of-the-art PUFs from the literature. The comparison has shown that the proposed PUF implementation exhibits the best reliability performance while occupying the minimum FPGA resource usage achieved in the PUF literature.
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 11 1, page 18. Publication type: Journal Article. Semantic Scholar paper id: 79601235.
Citations: 1
SCANN: Side Channel Analysis of Spiking Neural Networks
Pub Date : 2023-03-27 DOI: 10.3390/cryptography7020017
Karthikeyan Nagarajan, Rupshali Roy, R. Topaloglu, Sachhidh Kannan, Swaroop Ghosh
Spiking neural networks (SNNs) are quickly gaining traction as a viable alternative to deep neural networks (DNNs). Compared to DNNs, SNNs are computationally more powerful and energy efficient. The design metrics (synaptic weights, membrane threshold, etc.) chosen for such SNN architectures are often proprietary and constitute confidential intellectual property (IP). Our study indicates that SNN architectures implemented using conventional analog neurons are susceptible to side channel attack (SCA). Unlike the conventional SCAs that are aimed to leak private keys from cryptographic implementations, SCANN (SCA of spiking neural networks) can reveal the sensitive IP implemented within the SNN through the power side channel. We demonstrate eight unique SCANN attacks by taking a common analog neuron (axon hillock neuron) as the test case. We chose this particular model since it is biologically plausible and is hence a good fit for SNNs. Simulation results indicate that different synaptic weights, neurons/layer, neuron membrane thresholds, and neuron capacitor sizes (which are the building blocks of SNN) yield distinct power and spike timing signatures, making them vulnerable to SCA. We show that an adversary can use templates (using foundry-calibrated simulations or fabricating known design parameters in test chips) and analysis to identify the specifications of the implemented SNN.
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 11 1, page 17. Publication type: Journal Article. Semantic Scholar paper id: 89886640.
Citations: 0
Encryption Scheme of Verifiable Search Based on Blockchain in Cloud Environment
Pub Date : 2023-03-24 DOI: 10.3390/cryptography7020016
Buzhen He, Tao Feng
While transferring data to cloud servers frees users from having to manage it, it eventually raises new problems, such as data privacy. The concept of searchable encryption has drawn more and more focus in research as a means of resolving the tension between data accessibility and data privacy. Due to the lack of integrity and correctness authentication in most searchable encryption techniques, malicious cloud servers may deliver false search results to users. Based on public key encryption with searching (PEKS), the study suggests a privacy-preserving method for verifiable fuzzy keyword searches based on the Ethernet blockchain in a cloud context to overcome the aforementioned security concerns. The search user can check the accuracy and integrity of the query document using the unalterability characteristics of the Ethernet blockchain system in this scheme to prevent the cloud server from giving incorrect query results. Furthermore, a fair transaction between the cloud server and the data user is achieved and can be tracked back to the malicious user using hash functions and Ethereum smart contracts, even if the user or the cloud is malicious. Finally, the security analysis shows that, under the random oracle model, our technique fulfils the adaptive selection keyword’s semantic security. The performance assessment demonstrates that the proposed scheme outperforms other related schemes in terms of computational efficiency.
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 30 1, page 16. Publication type: Journal Article. Semantic Scholar paper id: 87238215.
Citations: 0
Cybersecurity Test Bed for Smart Contracts
Pub Date : 2023-03-10 DOI: 10.3390/cryptography7010015
C. DeCusatis, Brian Gormanly, John Iacino, Reed Percelay, Alex Pingue, Justin Valdez
Blockchain, smart contracts, and related concepts have emerged in recent years as a promising technology for cryptocurrency, NFTs, and other areas. However, there are still many security issues that must be addressed as these technologies evolve. This paper reviews some of the leading social engineering attacks on smart contracts, as well as several vulnerabilities which result from insecure code development. A smart contract test bed is constructed using Solidity and a Metamask wallet to evaluate vulnerabilities such as insecure arithmetic, denial of service, and re-entrancy attacks. Cross-chain vulnerabilities and potential vulnerabilities resulting from layer 2 side-chain processing were also investigated. Mitigation best practices are proposed based on the experimental results.
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 24 1, page 15. Publication type: Journal Article. Semantic Scholar paper id: 81258086.
Citations: 1
Models for Generation of Proof Forest in zk-SNARK Based Sidechains
Pub Date : 2023-03-07 DOI: 10.3390/cryptography7010014
Y. Bespalov, L. Kovalchuk, Hanna Nelasa, R. Oliynykov, Robert Viglione
Sidechains are among the most promising scalability and extended functionality solutions for blockchains. Application of zero knowledge techniques (Latus, Mina) allows for reaching high level security and general throughput, though it brings new challenges on keeping decentralization where significant effort is required for robust computation of zk-proofs. We consider a simultaneous decentralized creation of various zk-proof trees that form proof-trees sequences in sidechains in the model that combines behavior of provers, both deterministic (mutually consistent) or stochastic (independent) and types of proof trees. We define the concept of efficiency of such process, introduce its quantity measure and recommend parameters for tree creation. In deterministic cases, the sequences of published trees are ultimately periodic and ensure the highest possible efficiency (no collisions in proof creation). In stochastic cases, we obtain a universal measure of prover efficiencies given by the explicit formula in one case or calculated by a simulation model in another case. The optimal number of allowed provers’ positions for a step can be set for various sidechain parameters, such as number of provers, number of time steps within one block, etc. Benefits and restrictions for utilization of non-perfect binary proof trees are also explicitly presented.
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 746 1, page 14. Publication type: Journal Article. Semantic Scholar paper id: 78780179.
Citations: 0
Improved Attacks on (EC)DSA with Nonce Leakage by Lattice Sieving with Predicate
Pub Date : 2023-03-06 DOI: 10.46586/tches.v2023.i2.568-586
Luyao Xu, Zhengyi Dai, Baofeng Wu, D. Lin
Lattice reduction algorithms have been proved to be one of the most powerful and versatile tools in public key cryptanalysis. In this work, we primarily concentrate on lattice attacks against (EC)DSA with nonce leakage via some side-channel analysis. Previous works relying on lattice reduction algorithms such as LLL and BKZ will finally lead to the “lattice barrier”: lattice algorithms become infeasible when only fewer nonces are known. Recently, Albrecht and Heninger introduced lattice algorithms augmented with a predicate and broke the lattice barrier (Eurocrypt 2021). We improve their work in several aspects. We first propose a more efficient predicate algorithm which aims to search for the target lattice vector in a large database. Then, we combine the sieving with predicate algorithm with the “dimensions for free” and “progressive sieving” techniques to further improve the performance of our attacks. Furthermore, we give a theoretic analysis on how to choose the optimal Kannan embedding factor. As a result, our algorithm outperforms the state-of-the-art lattice attacks for existing records such as 3-bit nonce leakage for a 256-bit curve and 2-bit nonce leakage for a 160-bit curve in terms of running time, sample numbers and success probability. We also break the lattice records on the 384-bit curve with 3-bit nonce leakage and the 256-bit curve with 2-bit nonce leakage, which were thought infeasible previously. Finally, we give the first lattice attack against ECDSA with a single-bit nonce leakage, which enables us to break a 112-bit curve with 1-bit nonce leakage in practical time.
Luyao Xu, Zhengyi Dai, Baofeng Wu, D. Lin. Improved Attacks on (EC)DSA with Nonce Leakage by Lattice Sieving with Predicate. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2023(2): 568-586. Published 2023-03-06. DOI: https://doi.org/10.46586/tches.v2023.i2.568-586
Citations: 0
Threshold Implementations in Software: Micro-architectural Leakages in Algorithms
Pub Date : 2023-03-06 DOI: 10.46586/tches.v2023.i2.155-179
Jean-Paul Gaspoz, S. Dhooghe
This paper provides necessary properties for algorithmically secure first-order maskings in scalar micro-architectures. The security notions of threshold implementations are adapted to the micro-processor leakage effects known from the literature. The resulting notions, which are based on the placement of shares, are applied to a two-share randomness-free PRESENT cipher and to Keccak-f. The assembly implementations are run on a RISC-V and an ARM Cortex-M4 core. All designs are validated in the glitch- and transition-extended probing model, and their implementations are validated via practical lab analysis.
Citations: 4
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst.