Abstract
In this paper, we investigate the security of Rainbow and Unbalanced Oil-and-Vinegar (UOV) signature schemes based on multivariate quadratic equations, which is one of the most promising alternatives for post-quantum signature schemes, against side-channel attacks. We describe correlation power analysis (CPA) on the schemes that yield full secret key recoveries. First, we identify a secret leakage of secret affine maps S and T during matrix-vector products in signing when Rainbow is implemented with equivalent keys rather than random affine maps for optimal implementations. In this case, the simple structure of the equivalent keys leads to the retrieval of the entire secret affine map T. Next, we extend the full secret key recovery to the general case using random affine maps via a hybrid attack: after recovering S by performing CPA, we recover T by mounting algebraic key recovery attacks. We demonstrate how this leakage on Rainbow can be practically exploited on an 8-bit AVR microcontroller using CPA. Consequently, our CPA can be applied to Rainbow-like multi-layered schemes regardless of the use of the simple-structured equivalent keys and UOV-like single layer schemes with the implementations using the equivalent keys of the simple structure. This is the first result on the security of multivariate quadratic equations-based signature schemes using only CPA. Our result can be applied to Rainbow-like multi-layered schemes and UOV-like single layer schemes submitted to NIST for Post-Quantum Cryptography Standardization.
Highlights
Security of the most widely used public-key cryptosystems (PKCs), such as RSA and ECDSA, is based on the hardness of the integer factorization problem or the discrete logarithm problem
We provide the first results on the security of multivariate quadratic equations (MQ)-signature schemes using correlation power analysis (CPA) and algebraic key recovery attacks (KRAs)
Only via CPA, we succeeded in recovering a full secret key on Rainbow implemented by the equivalent keys in the form of Fig. 1 due to the special structure of the equivalent keys
Summary
Security of the most widely used public-key cryptosystems (PKCs), such as RSA and ECDSA, is based on the hardness of the integer factorization problem or the (elliptic curve) discrete logarithm problem. These hard problems are known to be solvable by Shor’s quantum algorithm in polynomial time [Sho97]. These cryptographic primitives are believed to be resistant against both classical and quantum attacks, and this has been increased confidence in their adoptability as post-quantum alternatives. Submissions to NIST’s Post-Quantum Cryptography Standardization are for post-quantum public-key encryption, key exchange and digital signature [NIS16a]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
