Abstract

This research article assesses the feasibility of cold boot attacks on the lifted unbalanced oil and vinegar (LUOV) scheme, a variant of the UOV signature scheme. This scheme is a member of the family of asymmetric cryptographic primitives based on multivariate polynomials over a finite field K and has been submitted as a candidate to the ongoing National Institute of Standards and Technology (NIST) standardisation process of post-quantum signature schemes. To the best of our knowledge, this is the first time that this scheme has been evaluated in this setting. To perform our assessment, we review two implementations of this scheme, the reference implementation and the libpqcrypto implementation, to learn the most common in-memory private key formats, and then develop a key recovery algorithm exploiting the structure of this scheme. Since LUOV's key generation algorithm derives both its private and public components from a 256-bit seed, the key recovery algorithm works for all the parameter sets recommended for this scheme. Additionally, we tested the effectiveness and performance of the key recovery algorithm through simulations and found that it may retrieve the private seed when α = 0.001 (the probability that a 0 bit of the original private key flips to a 1 bit) and β (the probability that a 1 bit of the original private key flips to a 0 bit) is in the range {0.001, 0.01, 0.02, …, 0.15} by enumerating approximately 2^40 candidates.

Highlights

  • This research article evaluates the feasibility of cold boot attacks on the lifted unbalanced oil and vinegar (LUOV) scheme [1,2], which is a variant of the UOV signature scheme [3]

  • This research article assessed the feasibility of cold boot attacks on the lifted unbalanced oil and vinegar (LUOV) scheme, a candidate in the ongoing National Institute of Standards and Technology (NIST) standardisation process of post-quantum signature schemes

  • Our assessment entailed reviewing two implementations of this scheme, the reference implementation and the libpqcrypto implementation, to learn the most common in-memory private key formats, and developing a key recovery algorithm exploiting the structure of this scheme

Introduction

This research article evaluates the feasibility of cold boot attacks on the lifted unbalanced oil and vinegar (LUOV) scheme [1,2], which is a variant of the UOV signature scheme [3]. Evaluating a public key cryptographic scheme in this setting means analysing whether an attacker, assumed to both hold a noisy version of the private key and know the probabilities of a 1 bit changing to a 0 and vice versa, can recover the original private key from its bit-flipped version. To this end, the attacker needs to know the in-memory private key representations of the scheme. Our key recovery algorithm exploits the fact that this signature scheme's private key is generated from a 256-bit seed. This allows us to reconstruct the seed from its noisy version by treating it as a combination of blocks of chunks, each of which is assigned a log-likelihood score obtained by combining candidate values for each of the chunks derived from their noisy versions.
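As an added illustration of the recovery approach sketched above (example code written for this page, not the authors' implementation or the LUOV reference code): each 8-bit chunk of the 256-bit seed is scored against its noisy copy under the α/β flip model, the 256 candidate values for each chunk are ranked by log-likelihood, and whole-seed candidates are enumerated best-first until one passes a check. The hash-based `verify` is a stand-in for LUOV's actual check, which would regenerate the public key from a candidate seed and compare it with the known public key; the seed bytes and the two flipped bit positions are constructed for the demo.

```python
import hashlib, heapq, math

def bit_log_likelihood(x, y, alpha, beta):
    # Log-probability of observed bit y given original bit x in the cold boot
    # model: a 0 flips to 1 with probability alpha, a 1 flips to 0 with probability beta.
    if x == 0:
        return math.log(alpha) if y else math.log(1 - alpha)
    return math.log(1 - beta) if y else math.log(beta)

def chunk_score(cand, noisy, alpha, beta, width=8):
    # Log-likelihood that candidate chunk `cand` decayed into the observed chunk `noisy`.
    return sum(bit_log_likelihood((cand >> i) & 1, (noisy >> i) & 1, alpha, beta)
               for i in range(width))

def rank_chunk(noisy, alpha, beta, width=8):
    # All 2^width candidate values for one chunk, most likely first.
    return sorted(range(1 << width), key=lambda c: -chunk_score(c, noisy, alpha, beta, width))

def enumerate_seeds(noisy_seed, alpha, beta, budget):
    # Best-first walk over the product of the per-chunk rankings: yields whole-seed
    # candidates in decreasing total log-likelihood, at most `budget` of them.
    ranks = [rank_chunk(b, alpha, beta) for b in noisy_seed]
    scores = [[chunk_score(c, b, alpha, beta) for c in r] for r, b in zip(ranks, noisy_seed)]
    start = (0,) * len(noisy_seed)  # one index into each chunk's ranking
    heap, seen = [(-sum(s[0] for s in scores), start)], {start}
    for _ in range(budget):
        if not heap:
            return
        neg, idx = heapq.heappop(heap)
        yield bytes(ranks[i][j] for i, j in enumerate(idx))
        for i, j in enumerate(idx):  # successors: demote exactly one chunk by one rank
            if j + 1 < len(ranks[i]):
                nxt = idx[:i] + (j + 1,) + idx[i + 1:]
                if nxt not in seen:
                    seen.add(nxt)
                    heapq.heappush(heap, (neg + scores[i][j] - scores[i][j + 1], nxt))

def recover_seed(noisy_seed, alpha, beta, verify, budget=10_000):
    # First enumerated candidate that `verify` accepts, or None if the budget runs out.
    return next((c for c in enumerate_seeds(noisy_seed, alpha, beta, budget) if verify(c)), None)

# Constructed demo data: a 256-bit seed and a decayed copy with two 1 bits flipped to 0.
TRUE_SEED = bytes([0x5A, 0xC3] * 16)
NOISY = bytes(b ^ m for b, m in zip(TRUE_SEED, [0x40] + [0] * 16 + [0x80] + [0] * 14))
# Stand-in for LUOV's real check (regenerate the public key from the candidate seed and
# compare with the known public key); a hash of the true seed plays the public key's role.
PK_FINGERPRINT = hashlib.sha256(TRUE_SEED).digest()
def verify(cand):
    return hashlib.sha256(cand).digest() == PK_FINGERPRINT
```

With α = 0.001 and β = 0.05, a single 0→1 correction costs about 3.0 in log-likelihood and a 1→0 correction about 6.9, so the two-flip seed above surfaces within roughly 8,500 candidates; the paper's 2^40 figure corresponds to the same ordering carried much further.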

Background
Cold Boot Attacks
Cold Boot Attack Model
RSA Setting
Discrete Logarithm Setting
Symmetric Key Setting
Post-Quantum Setting
General Approach to Key Recovery
UOV Signature Schemes
LUOV Scheme
The Reference Implementation
Assumptions
Key Recovery Algorithm
Experimental Evaluation
Conclusions