16 research outputs found

    Secret Key Leakage from Public Key Perturbation of DLP-based Cryptosystems

    Finding efficient countermeasures for cryptosystems against fault attacks is challenged by the constant discovery of flaws in designs. Even elements that do not seem critical, such as public keys, must be protected. Starting from the attacks against RSA, we develop a new attack on DLP-based cryptosystems which additionally relies on a lattice analysis to recover DSA secret keys from partially known nonces. Based on a realistic fault model, our attack only requires 16 faulty signatures to recover a 160-bit DSA secret key within a few minutes on a standard PC. These results significantly improve on the previous public-element fault attack in the context of DLP-based cryptosystems.

    Fault Attacks Sensitivity of Public Parameters in the Dilithium Verification

    This paper presents a comprehensive analysis of the verification algorithm of CRYSTALS-Dilithium, focusing on a C reference implementation. Limited research has been conducted on its susceptibility to fault attacks, despite its critical role in ensuring the scheme's security. To fill this gap, we investigate three distinct fault models (randomizing faults, zeroizing faults, and skipping faults) to identify vulnerabilities within the verification process. Based on our analysis, we propose a methodology for forging CRYSTALS-Dilithium signatures without knowledge of the secret key. Instead, we leverage specific types of faults during the verification phase, together with some properties of the public parameters, to make these signatures accepted. Additionally, we compare different attack scenarios after identifying sensitive operations within the verification algorithm. The most effective requires potentially fewer fault injections than targeting the verification check itself. Finally, we introduce a set of countermeasures designed to thwart all the identified scenarios, rendering the verification algorithm intrinsically resistant to the presented attacks.

    PMNS revisited for consistent redundancy and equality test

    The Polynomial Modular Number System (PMNS) is a non-positional number system for modular arithmetic. A PMNS is defined by a tuple $(p, n, \gamma, \rho, E)$, where $p$, $n$, $\gamma$ and $\rho$ are positive non-zero integers and $E \in \mathbb{Z}_{n}[X]$ is a monic polynomial such that $E(\gamma) \equiv 0 \pmod p$. The PMNS is a redundant number system. In [rando-pmns-arith26], Didier et al. used this redundancy property to randomise the data during the Elliptic Curve Scalar Multiplication (ECSM). In this paper, we refine the results on redundancy and propose several new results on PMNS. More precisely, we study a generalisation of the Montgomery-like internal reduction method proposed by Negre and Plantard, along with some improvements on parameter bounds that reduce the memory cost of representing elements in this system. We also show how to perform equality tests in the PMNS.

    Multiplication over Extension Fields for Pairing-based Cryptography: a Hardware Point of View

    New Number Field Sieve (NFS) attacks on the discrete logarithm problem have led to an increase in the key sizes of pairing-based cryptography, and more precisely of pairings on the most popular curves such as BN. To ensure a 128-bit security level, recent cost estimations recommend switching to BLS24 curves. However, using BLS24 curves for pairings requires efficient arithmetic in Fp4. In this paper, we transpose previous work on multiplication over extension fields using Newton's interpolation to construct a new formula for multiplication in Fp4, and propose a time × area efficient hardware implementation of this operation. This co-processor is implemented on a Kintex-7 Xilinx FPGA. The efficiency of our design in terms of time × area is almost 3 times better than the previous specific architecture for multiplication in Fp4. Our architecture is used to estimate the efficiency of hardware implementations of full pairings on BLS12 and BLS24 curves with a 128-bit security level. This co-processor can be easily modified to anticipate further curve changes.

    Exploiting Intermediate Value Leakage in Dilithium: A Template-Based Approach

    This paper presents a new profiling side-channel attack on CRYSTALS-Dilithium, the new NIST primary standard for quantum-safe digital signatures. An open-source implementation of CRYSTALS-Dilithium is already available, with constant-time behaviour as a consideration for side-channel resilience. However, this implementation does not protect against attacks that exploit intermediate data leakage. We show how to exploit a new leakage on a vector generated during the signing process, for which the costly protection by masking is still a matter of debate. With a corpus of 700,000 messages, we design a template attack that enables us to efficiently predict whether a given coefficient in one coordinate of this vector is zero or not. By gathering signatures, making the correct predictions for each index, and then using linear algebra methods, this paper demonstrates that one can recover a part of the secret key that is sufficient to produce universal forgeries. While our paper discusses the theoretical attack path in depth, it also demonstrates the validity of the assumed leakage model through practical experiments with the reference implementation on an ARM Cortex-M4. We need approximately a day to collect enough representatives and one more day to perform the trace acquisition on our target.

    Analyse cryptographique des altérations d'algorithmes

    Since the advent of side-channel attacks at the end of the 1990s, classical cryptanalysis is no longer sufficient to ensure the security of embedded cryptosystems. Among side-channel attacks, Differential Fault Analysis is a powerful way to recover secret information from malicious perturbations of cryptographic hardware. The purpose of this thesis is to extend the scope of fault attacks by providing brand new attacks based on innovative but realistic fault models. Whereas private keys were rapidly protected against perturbations, recent works have addressed the issue of also protecting non-critical elements, such as public keys, since their perturbation may leak secret information. We investigate this area by focusing on classical implementations of two very popular cryptosystems: RSA and DSA. In particular, we detail how to exploit faults on the public modulus that occur during their execution. To the best of our knowledge, these cryptographic algorithms had never been studied under such a fault model. We have also followed the emergence of new stream ciphers. Since their mathematical structure is stronger, we wanted to evaluate the robustness of their implementations against malicious faults. In this context we studied two of the eSTREAM finalists: Grain-128 and Rabbit. Finally, this thesis emphasizes the difficulty of designing efficient countermeasures against faults by describing what has been done for CRT-RSA.

    With the advent of side-channel attacks at the end of the 1990s, algebraic security proofs are no longer sufficient to guarantee the security of embedded cryptosystems. One of these attacks, Differential Fault Analysis, proposes exploiting malicious perturbations of cryptographic components to extract secret data from them. The purpose of this thesis is to extend the scope of fault analysis by proposing new attacks based on innovative but realistic fault models. While it quickly became necessary to protect private keys against perturbations, recent work has shown that perturbing public elements can also cause a leak of critical information. In this context, we focus in particular on classical implementations of two of the most widespread asymmetric cryptosystems: RSA and DSA. We study their behaviour with respect to perturbations occurring during their execution, which had never been done before. In a second step, we followed the emergence of new stream ciphers. Since the mathematical structure of these new algorithms is now stronger, we wanted to evaluate the robustness of their implementations against perturbations. In this respect, we studied two of the finalists of the eSTREAM project: Grain-128 and Rabbit. Finally, this thesis highlights the difficulty of protecting cryptosystem implementations against perturbations, taking the example of CRT-RSA.

    Analyse cryptographique des altérations d'algorithmes

    With the advent of side-channel attacks, algebraic security proofs are no longer sufficient to guarantee the security of embedded cryptosystems. Among these attacks, Differential Fault Analysis proposes exploiting perturbations of cryptographic components to extract secret data from them. The purpose of this thesis is to extend the scope of these attacks by proposing new applications. We began by analysing perturbations of public elements occurring during the execution of asymmetric cryptosystems. This novel study yielded several attacks against RSA and DSA. We then studied the resistance of implementations of new stream ciphers against perturbations. Finally, this thesis highlights the difficulty of protecting cryptosystem implementations against these attacks.

    Since the advent of side-channel attacks, classical cryptanalysis is no longer sufficient to ensure the security of embedded cryptography. Among side-channel attacks, Differential Fault Analysis is a powerful way to recover secret information from perturbations of a cryptographic device. The purpose of this thesis is to extend the scope of fault attacks by providing brand new attacks based on innovative but realistic fault models. We first investigated the exploitation of perturbations of public elements that may occur during the execution of electronic signatures. This new study has resulted in multiple attacks against both RSA and DSA implementations. Then, we proposed efficient attacks against implementations of new stream ciphers. Finally, this thesis emphasizes the difficulty of designing efficient countermeasures against fault attacks.

    Compiler-Assisted Loop Hardening Against Fault Attacks

    Secure elements widely used in smartphones, digital consumer electronics, and payment systems are subject to fault attacks. To thwart such attacks, software protections are inserted manually, requiring experts and time. The explosion of the Internet of Things (IoT) in home, business, and public spaces motivates the hardening of a wider class of applications and the need to offer security solutions to non-experts. This article addresses the automated protection of loops at compilation time, covering the widest range of control- and data-flow patterns, in both shape and complexity. The security property we consider is that a sensitive loop must always perform the expected number of iterations; otherwise, an attack must be reported. We propose a generic compile-time loop hardening scheme based on the duplication of termination conditions and of the computations involved in the evaluation of such conditions. We also investigate how to preserve the security property along the compilation flow while enabling aggressive optimizations. We implemented this algorithm in LLVM 4.0 at the Intermediate Representation (IR) level in the backend. On average, the compiler automatically hardens 95% of the sensitive loops of typical security benchmarks, and 98% of these loops are shown to be robust to simulated faults. Performance and code size overhead remain quite affordable, at 12.5% and 14%, respectively.