Fault attack countermeasures for error samplers in lattice-based cryptography

James Howe; Ayesha Khalid; Marco Martinoli; Francesco Regazzoni; Elisabeth Oswald

doi:10.1109/ISCAS.2019.8702794

Fault attack countermeasures for error samplers in lattice-based cryptography

James Howe, Ayesha Khalid, Marco Martinoli, Francesco Regazzoni, Elisabeth Oswald

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Lattice-based cryptography is one of the leading candidates for NIST's post-quantum standardisation effort, providing efficient key encapsulation and signature schemes. Most of these schemes base their hardness on variants of LWE, and thus rely heavily on error samplers to provide necessary uncertainty by obfuscating computations on secret information. Because of this it is a clear and obvious target for side-channel analysis, with numerous types of attacks targeting this component to gain secret-key information. In order to bring potential lattice-based cryptographic standards to practical realisation, it is important to protect these modules from past and future fault and side-channel attacks. This paper proposes countermeasures that exploit the distributions expected from these error samples, that is either Gaussian or binomial, by using statistical tests to verify the samplers are operating properly. The novel countermeasures are designed to protect against all previous fault attacks on error samplers. We optimize hardware implementation of the proposed tests to avoid division and square root calculations, however, the countermeasure we propose is sufficiently generic to be suitable also for software. We measure the impact of these countermeasures on performance and area consumption on a Xilinx Artix-7 FPGA. Our countermeasure achieve promising performance while resulting in a minimal overhead.

Original language	English
Title of host publication	2019 IEEE International Symposium on Circuits and Systems, ISCAS 2019 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
ISBN (Electronic)	9781728103976
DOIs	https://doi.org/10.1109/ISCAS.2019.8702794
Publication status	Published - 2019
Event	2019 IEEE International Symposium on Circuits and Systems, ISCAS 2019 - Sapporo, Japan Duration: 26 May 2019 → 29 May 2019

Publication series

Name	Proceedings - IEEE International Symposium on Circuits and Systems
Volume	2019-May
ISSN (Print)	0271-4310

Conference

Conference	2019 IEEE International Symposium on Circuits and Systems, ISCAS 2019
Country/Territory	Japan
City	Sapporo
Period	26/05/19 → 29/05/19

Bibliographical note

Funding Information:
This research was supported in part by EPSRC via grant EP/N011635/1 and by the European Union Horizon 2020 SAFEcrypto project (grant no. 644729).

Publisher Copyright:
© 2019 IEEE

Keywords

Countermeasures
Fault attacks
FPGA
Hardware security
Lattice-based cryptography

ASJC Scopus subject areas

Electrical and Electronic Engineering

Access to Document

10.1109/ISCAS.2019.8702794

Cite this

Howe, J., Khalid, A., Martinoli, M., Regazzoni, F., & Oswald, E. (2019). Fault attack countermeasures for error samplers in lattice-based cryptography. In 2019 IEEE International Symposium on Circuits and Systems, ISCAS 2019 - Proceedings Article 8702794 (Proceedings - IEEE International Symposium on Circuits and Systems; Vol. 2019-May). Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/ISCAS.2019.8702794

@inproceedings{b89387b0fde740aa866e5455750d1ea9,

title = "Fault attack countermeasures for error samplers in lattice-based cryptography",

abstract = "Lattice-based cryptography is one of the leading candidates for NIST's post-quantum standardisation effort, providing efficient key encapsulation and signature schemes. Most of these schemes base their hardness on variants of LWE, and thus rely heavily on error samplers to provide necessary uncertainty by obfuscating computations on secret information. Because of this it is a clear and obvious target for side-channel analysis, with numerous types of attacks targeting this component to gain secret-key information. In order to bring potential lattice-based cryptographic standards to practical realisation, it is important to protect these modules from past and future fault and side-channel attacks. This paper proposes countermeasures that exploit the distributions expected from these error samples, that is either Gaussian or binomial, by using statistical tests to verify the samplers are operating properly. The novel countermeasures are designed to protect against all previous fault attacks on error samplers. We optimize hardware implementation of the proposed tests to avoid division and square root calculations, however, the countermeasure we propose is sufficiently generic to be suitable also for software. We measure the impact of these countermeasures on performance and area consumption on a Xilinx Artix-7 FPGA. Our countermeasure achieve promising performance while resulting in a minimal overhead.",

keywords = "Countermeasures, Fault attacks, FPGA, Hardware security, Lattice-based cryptography",

author = "James Howe and Ayesha Khalid and Marco Martinoli and Francesco Regazzoni and Elisabeth Oswald",

note = "Funding Information: This research was supported in part by EPSRC via grant EP/N011635/1 and by the European Union Horizon 2020 SAFEcrypto project (grant no. 644729). Publisher Copyright: {\textcopyright} 2019 IEEE; 2019 IEEE International Symposium on Circuits and Systems, ISCAS 2019 ; Conference date: 26-05-2019 Through 29-05-2019",

year = "2019",

doi = "10.1109/ISCAS.2019.8702794",

language = "English",

series = "Proceedings - IEEE International Symposium on Circuits and Systems",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

booktitle = "2019 IEEE International Symposium on Circuits and Systems, ISCAS 2019 - Proceedings",

}

Howe, J, Khalid, A, Martinoli, M, Regazzoni, F & Oswald, E 2019, Fault attack countermeasures for error samplers in lattice-based cryptography. in 2019 IEEE International Symposium on Circuits and Systems, ISCAS 2019 - Proceedings., 8702794, Proceedings - IEEE International Symposium on Circuits and Systems, vol. 2019-May, Institute of Electrical and Electronics Engineers (IEEE), 2019 IEEE International Symposium on Circuits and Systems, ISCAS 2019, Sapporo, Japan, 26/05/19. https://doi.org/10.1109/ISCAS.2019.8702794

Fault attack countermeasures for error samplers in lattice-based cryptography. / Howe, James; Khalid, Ayesha; Martinoli, Marco et al.
2019 IEEE International Symposium on Circuits and Systems, ISCAS 2019 - Proceedings. Institute of Electrical and Electronics Engineers (IEEE), 2019. 8702794 (Proceedings - IEEE International Symposium on Circuits and Systems; Vol. 2019-May).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Fault attack countermeasures for error samplers in lattice-based cryptography

AU - Howe, James

AU - Khalid, Ayesha

AU - Martinoli, Marco

AU - Regazzoni, Francesco

AU - Oswald, Elisabeth

N1 - Funding Information: This research was supported in part by EPSRC via grant EP/N011635/1 and by the European Union Horizon 2020 SAFEcrypto project (grant no. 644729). Publisher Copyright: © 2019 IEEE

PY - 2019

Y1 - 2019

N2 - Lattice-based cryptography is one of the leading candidates for NIST's post-quantum standardisation effort, providing efficient key encapsulation and signature schemes. Most of these schemes base their hardness on variants of LWE, and thus rely heavily on error samplers to provide necessary uncertainty by obfuscating computations on secret information. Because of this it is a clear and obvious target for side-channel analysis, with numerous types of attacks targeting this component to gain secret-key information. In order to bring potential lattice-based cryptographic standards to practical realisation, it is important to protect these modules from past and future fault and side-channel attacks. This paper proposes countermeasures that exploit the distributions expected from these error samples, that is either Gaussian or binomial, by using statistical tests to verify the samplers are operating properly. The novel countermeasures are designed to protect against all previous fault attacks on error samplers. We optimize hardware implementation of the proposed tests to avoid division and square root calculations, however, the countermeasure we propose is sufficiently generic to be suitable also for software. We measure the impact of these countermeasures on performance and area consumption on a Xilinx Artix-7 FPGA. Our countermeasure achieve promising performance while resulting in a minimal overhead.

AB - Lattice-based cryptography is one of the leading candidates for NIST's post-quantum standardisation effort, providing efficient key encapsulation and signature schemes. Most of these schemes base their hardness on variants of LWE, and thus rely heavily on error samplers to provide necessary uncertainty by obfuscating computations on secret information. Because of this it is a clear and obvious target for side-channel analysis, with numerous types of attacks targeting this component to gain secret-key information. In order to bring potential lattice-based cryptographic standards to practical realisation, it is important to protect these modules from past and future fault and side-channel attacks. This paper proposes countermeasures that exploit the distributions expected from these error samples, that is either Gaussian or binomial, by using statistical tests to verify the samplers are operating properly. The novel countermeasures are designed to protect against all previous fault attacks on error samplers. We optimize hardware implementation of the proposed tests to avoid division and square root calculations, however, the countermeasure we propose is sufficiently generic to be suitable also for software. We measure the impact of these countermeasures on performance and area consumption on a Xilinx Artix-7 FPGA. Our countermeasure achieve promising performance while resulting in a minimal overhead.

KW - Countermeasures

KW - Fault attacks

KW - FPGA

KW - Hardware security

KW - Lattice-based cryptography

UR - http://www.scopus.com/inward/record.url?scp=85066802813&partnerID=8YFLogxK

U2 - 10.1109/ISCAS.2019.8702794

DO - 10.1109/ISCAS.2019.8702794

M3 - Conference contribution

AN - SCOPUS:85066802813

T3 - Proceedings - IEEE International Symposium on Circuits and Systems

BT - 2019 IEEE International Symposium on Circuits and Systems, ISCAS 2019 - Proceedings

PB - Institute of Electrical and Electronics Engineers (IEEE)

T2 - 2019 IEEE International Symposium on Circuits and Systems, ISCAS 2019

Y2 - 26 May 2019 through 29 May 2019

ER -

Howe J, Khalid A, Martinoli M, Regazzoni F, Oswald E. Fault attack countermeasures for error samplers in lattice-based cryptography. In 2019 IEEE International Symposium on Circuits and Systems, ISCAS 2019 - Proceedings. Institute of Electrical and Electronics Engineers (IEEE). 2019. 8702794. (Proceedings - IEEE International Symposium on Circuits and Systems). doi: 10.1109/ISCAS.2019.8702794

Fault attack countermeasures for error samplers in lattice-based cryptography

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this