Lattice Attack Research Articles

Memory adds no cost to lattice sieving for computers in 3 or more spatial dimensions

The security of lattice-based crytography (LWE, NTRU, and FHE) depends on the hardness of the shortest-vector problem (SVP). Sieving algorithms give the lowest asymptotic runtime to solve SVP, but depend on exponential memory. Memory access costs much more in reality than in the RAM model, so we consider a computational model where processors, memory, and meters of wire are in constant proportions to each other. While this adds substantial costs to route data during lattice sieving, we modify existing algorithms to amortize these costs and find that, asymptotically, a classical computer can achieve the previous RAM model cost of 2 0.2925 d + o ( d ) to sieve a d -dimensional lattice for a computer existing in 3 or more spatial dimensions, and can reach 2 0.3113 d + o ( d ) in 2 spatial dimensions, where “spatial dimensions” are the dimensions of the physical geometry in which the computer exists. Since this result implies an increased cost in 2 spatial dimensions, we make several assumptions about the constant terms of memory access and lattice attacks so that we can give bit security estimates for Kyber and Dilithium. These estimates support but do not increase the security categories claimed in the Kyber and Dilithium specifications, at least with respect to known attacks.

Lattice attacks on pairing-based signatures

ABSTRACT Practical implementations of cryptosystems often suffer from critical information leakage through side-channels (such as their power consumption or their electromagnetic emanations). For public-key cryptography on embedded systems, the core operation is usually group exponentiation – or scalar multiplication on elliptic curves – which is a sequence of group operations derived from the private-key that may reveal secret bits to an attacker (on an unprotected implementation). We present lattice-based polynomial-time (heuristic) algorithms that recover the signer’s secret in popular pairing-based signatures when used to sign several messages under the assumption that blocks of consecutive bits of the corresponding exponents are known by the attacker. Our techniques rely upon Coppersmith's method and apply to many signatures in the so-called exponent-inversion framework in the standard security model (i.e. Boneh-Boyen, Gentry and Pontcheval-Sanders signatures) as well as in the random oracle model (i.e. Sakai-Kasahara signatures).

Easily Overlooked Vulnerability in Implementation: Practical Fault Attack on ECDSA Round Counter

ECC is a widely used public key cryptosystem. Though it has good theoretical security, it is still vulnerable to some physical attacks due to the implementation weakness. To resist the attacks, a number of physical countermeasures have been proposed. However, there are still some implementation vulnerabilities that may be overlooked, leading to more practical and effective attacks. In this paper, we construct a new fault attack on round counter which is a component of scalar multiplications in ECDSA. The attack is divided into two parts. In the first part, the partial bits of nonce in each signature can be recovered by the fault injection on round counter. In the second part, an efficient lattice attack can be constructed to recover the private key by combining the recovered bits. Compared with other lattice-based fault attacks, our attack has the advantage of practicability and effectiveness. Especially it has less requirement of moment precision and wide applicability of scalar multiplications, which is the critical factors for practicability and effectiveness. To verify the strength of our attack, we carry on the laser injection experiments respectively on an AVR MCU(ATmega163L) and a Kintex-7 FPGA(XC7K325T). The experiment results verify the practicability and effectiveness of the attack in both software and hardware platform. Finally, we also propose two directions for efficient countermeasures against our attack.

Exploring the Intersection of Lattice Attacks and Blockchain Technology: A Heuristic Approach Using TPM2.0 ECDSA to Ascertain and Approach the Boundary

Lattice attacks can compromise the security of encryption algorithms used in blockchain networks, allowing attackers to tamper with transaction records, steal private keys, and execute other forms of attacks. With symmetric encryption, both parties can encrypt and decrypt messages using the same key. Lattice attacks on digital signature algorithms (ECDSA) involve forming a basis and setting a target vector from signatures, then solving the closest vector problem (CVP) or shortest vector problem (SVP) in the generated lattice to obtain the private key. Prior research focused on obtaining leakage information from the signature’s random nonce to facilitate a CVP or SVP solution. This study establishes a clear boundary for a successful ECDSA attack and introduces a “double basis” lattice version that expands the boundary or reduces the necessary signatures by nearly half with the same lattice rank. To approach the boundary, a heuristic strategy is employed to shift the target vector in different directions with a feasible step size, using tests on the Trusted Platform Module (TPM) 2.0 ECDSA. The distance from the closest moved target vector to the boundary is reduced by a ratio of 424 to 179 to the minimal length of orthogonal vectors in the formed basis. Experimental results show that moving attempts in two directions with the original basis and 84 signatures take approximately 247.7 s on the experiment computer.

Improved Attacks on (EC)DSA with Nonce Leakage by Lattice Sieving with Predicate

Lattice reduction algorithms have been proved to be one of the most powerful and versatile tools in public key cryptanalysis. In this work, we primarily concentrate on lattice attacks against (EC)DSA with nonce leakage via some sidechannel analysis. Previous works relying on lattice reduction algorithms such as LLL and BKZ will finally lead to the “lattice barrier”: lattice algorithms become infeasible when only fewer nonce is known. Recently, Albrecht and Heninger introduced lattice algorithms augmented with a predicate and broke the lattice barrier (Eurocrypt 2021). We improve their work in several aspects.We first propose a more efficient predicate algorithm which aims to search for the target lattice vector in a large database. Then, we combine sieving with predicate algorithm with the “dimensions for free” and “progressive sieving” techniques to further improve the performance of our attacks. Furthermore, we give a theoretic analysis on how to choose the optimal Kannan embedding factor.As a result, our algorithm outperforms the state-of-the-art lattice attacks for existing records such as 3-bit nonce leakage for a 256-bit curve and 2-bit nonce leakage for a 160-bit curve in terms of running time, sample numbers and success probability. We also break the lattice records on the 384-bit curve with 3-bit nonce leakage and the 256-bit curve with 2-bit nonce leakage which are thought infeasible previously. Finally, we give the first lattice attack against ECDSA with a single-bit nonce leakage, which enables us to break a 112-bit curve with 1-bit nonce leakage in practical time.

Revisiting lower dimension lattice attacks on NTRU

Vectors are called short vectors when the Euclidean norm of vectors is relatively small. By now, some researches have been done to find sufficient short vectors in certain variants of NTRU lattice to analyze the security of NTRU systems. These variants are all taking advantage of the property of NTRU cryptosystem to modify the standard NTRU lattice. Related variants include zero-run lattices with dimension 2N, zero-forced lattices with dimension 2(N−r), r<N, and IN-lattices with dimension N.Motivated by different constructions, we revisit related variants and develop some techniques to further reduce the dimension of IN-lattice, such that the expected breaking time can be decreased significantly. Firstly, by working with the cyclic matrix associated with the NTRU public key h, shifts of the private vector f can be accommodated. Hence, t randomly chosen coefficients in a shift of the private vector f can be forced to equal zero. This not only results in a new lattice with a lower dimension but also creates an environment to utilize parallel mechanisms to improve the probability of success. Finally, experiments have demonstrated that our approach outperforms the previous methods.

Solving HNP with One Bit Leakage: An Asymmetric Lattice Sieving Algorithm

The Hidden Number Problem (HNP) was introduced by Boneh and Venkastesan to analyze the bit-security of the Diffie-Hellman key exchange scheme. It is often used to mount a side-channel attack on (EC)DSA. The hardness of HNP is mainly determined by the number of nonce leakage bits and the size of the modulus. With the development of lattice reduction algorithms and lattice sieving, the range of practically vulnerable parameters are extended further. However, 1-bit leakage is still believed to be challenging for lattice attacks. In this paper, we proposed an asymmetric lattice sieving algorithm that can solve HNP with 1-bit leakage. The algorithm is composed of a BKZ pre-processing and a sieving step. The novel part of our lattice sieving algorithm is that the lattice used in these two steps have different dimensions. In particular, in the BKZ step we use more samples to derive a better lattice basis, while we just use truncated lattice basis for the lattice sieving step. To verify our algorithm, we use it to solve HNP with 1-bit leakage and 116-bit modulus.

Threshold Homomorphic Encryption From Provably Secure NTRU

Abstract Homomorphic Encryption (HE) supports computation on encrypted data without the need to decrypt, enabling secure outsourcing of computing to an untrusted cloud. Motivated by application scenarios where private information is offered by different data owners, Multi-Key Homomorphic Encryption (MKHE) and Threshold Homomorphic Encryption (ThHE) were proposed. Unlike MKHE, ThHE schemes do not require expensive ciphertext extension procedures and are therefore as efficient as their underlying single-key HE schemes. In this work, we propose a novel NTRU-type ThHE scheme which caters to the computation scenarios with pre-defined participants. In addition to inheriting the simplicity of NTRU scheme, our construction has no expensive relinearization and correspondingly no costly evaluation keys. Controlling noise to make it increase linearly and then using a wide key distribution, our scheme is immune to the subfield lattice attacks and its security follows from the hardness of the standard R-LWE problem. Finally, based on the {0,1}-linear secret sharing and noise flooding techniques, we design a single round distributed threshold decryption protocol, where the decryption is able to be completed even when only given a subset (say $t$-out-of-$k$) of partial decryptions. To the best of our knowledge, our construction is the first NTRU-type ThHE scheme.

Timing leakage to break SM2 signature algorithm

SM2 digital signature algorithm (SM2-DSA) is a Chinese public key cryptography standard, which is also ISO/IEC standard. However, seldom publications show the evaluation results for combination analysis of side-channel and lattice theory. The combination attack is powerful and has been confirmed on ECDSA schemes. We target SM2-DSA to evaluate security with respect to the combinated analysis. Given the most significant zero bits, we provide the detailed deduction of inequations for lattice construction. We confirmed the validity of our deduction and also confirmed security bounder where a successful lattice attack requires at least 6 bits leakage of nonce. Our results show a greatly difference from the results gained under the least significant bits leakage. We then provide a comprehensive analysis on parameters selection of lattice reduction. Our results can be a guide for both security evaluation and secure implementation design.

Method for increasing the degree of protection of message encryption based on an algorithm for a constant component in time

Currently, asymmetric cryptosystems are used everywhere, in document management for cryptocurrencies, providing a high level of protection to end users, relying on the mathematical complexity of calculating a discrete algorithm. But, it is possible to make a cryptocurrency attack on the so-called ephemeral key, which is an auxiliary key when creating a signature. Recent works have shown examples of cryptocurrencies on the random number generator, processor cache, timing attacks. However, these attacks do not work when the numerical value of the bits is unknown. Also, recent work shows the main vulnerability in the case signature, namely the inverse module calculation algorithm that is vulnerable to timing attacks. The article considers the damage of cryptosystems such as DSA and ECDSA before the attack based on the analysis of the variable time of signing the message. A mathematical model has been developed to test this type of lesion, based on lattice attacks. It is shown that if there are enough signatures with the same signing time, it is possible to identify the presence of common bits of ephemeral keys, which will restore the sender's private key. It is proved that the cause of the lesion is the lack of execution of the operation of calculating the inverse module of the time variable, which provides ephemeral key data to the attacker. To solve this problem, an extended Euclidean algorithm for calculating the inverse module for a fixed time is proposed. In this paper, the advanced Euclidean algorithm for calculating the inverse module is improved, namely, its constant time execution is achieved, which prevents timed attacks.

Revisiting orthogonal lattice attacks on approximate common divisor problems

In this paper, we revisit three existing types of orthogonal lattice (OL) attacks and propose optimized cases to solve approximate common divisor (ACD) problems. In order to reduce both space and time costs, we also make an improved lattice using the rounding technique. Further, we present asymptotic formulas of the time complexities on our optimizations as well as three known OL attacks. Besides, we give specific conditions that the optimized OL attacks can work and show how the attack ability depends on the blocksize β in the BKZ-β algorithm.

Guessing Bits: Improved Lattice Attacks on (EC)DSA with Nonce Leakage

The lattice reduction attack on (EC)DSA (and other Schnorr-like signature schemes) with partially known nonces, originally due to Howgrave-Graham and Smart, has been at the core of many concrete cryptanalytic works, side-channel based or otherwise, in the past 20 years. The attack itself has seen limited development, however: improved analyses have been carried out, and the use of stronger lattice reduction algorithms has pushed the range of practically vulnerable parameters further, but the lattice construction based on the signatures and known nonce bits remain the same.In this paper, we propose a new idea to improve the attack based on the same data in exchange for additional computation: carry out an exhaustive search on some bits of the secret key. This turns the problem from a single bounded distance decoding (BDD) instance in a certain lattice to multiple BDD instances in a fixed lattice of larger volume but with the same bound (making the BDD problem substantially easier). Furthermore, the fact that the lattice is fixed lets us use batch/preprocessing variants of BDD solvers that are far more efficient than repeated lattice reductions on non-preprocessed lattices of the same size. As a result, our analysis suggests that our technique is competitive or outperforms the state of the art for parameter ranges corresponding to the limit of what is achievable using lattice attacks so far (around 2-bit leakage on 160-bit groups, or 3-bit leakage on 256-bit groups).We also show that variants of this idea can also be applied to bits of the nonces (leading to a similar improvement) or to filtering signature data (leading to a data-time trade-off for the lattice attack). Finally, we use our technique to obtain an improved exploitation of the TPM–FAIL dataset similar to what was achieved in the Minerva attack.

RASSLE: Return Address Stack based Side-channel LEakage

Microarchitectural attacks on computing systems often stem from simple artefacts in the underlying architecture. In this paper, we focus on the Return Address Stack (RAS), a small hardware stack present in modern processors to reduce the branch miss penalty by storing the return addresses of each function call. The RAS is useful to handle specifically the branch predictions for the RET instructions which are not accurately predicted by the typical branch prediction units. In particular, we envisage a spy process who crafts an overflow condition in the RAS by filling it with arbitrary return addresses, and wrestles with a concurrent process to establish a timing side channel between them. We call this attack principle, RASSLE 1 (Return Address Stack based Side-channel Leakage), which an adversary can launch on modern processors by first reverse engineering the RAS using a generic methodology exploiting the established timing channel. Subsequently, we show three concrete attack scenarios: i) How a spy can establish a covert channel with another co-residing process? ii) How RASSLE can be utilized to determine the secret key of the P-384 curves in OpenSSL (v1.1.1 library)? iii) How an Elliptic Curve Digital Signature Algorithm (ECDSA) secret key on P-256 curve of OpenSSL can be revealed using Lattice Attack on partially leaked nonces with the aid of RASSLE? In this attack, we show that the OpenSSL implementation of scalar multiplication on this curve has varying number of add-and-sub function calls, which depends on the secret scalar bits. We demonstrate through several experiments that the number of add-and-sub function calls can be used to template the secret bit, which can be picked up by the spy using the principles of RASSLE. Finally, we demonstrate a full end-to-end attack on OpenSSL ECDSA using curve parameters of curve P-256. In this part of our experiments with RASSLE, we abuse the deadline scheduler policy to attain perfect synchronization between the spy and victim, without any aid of induced synchronization from the victim code. This synchronization and timing leakage through RASSLE is sufficient to retrieve the Most Significant Bits (MSB) of the ephemeral nonces used while signature generation, from which we subsequently retrieve the secret signing key of the sender applying the Hidden Number Problem.&#x0D; 1RASSLE is a non-standard spelling for wrestle.

Lattice Attacks on NTRU Revisited

NTRU cryptosystem was proposed by J. Hoffstein, J.Pipher and J.H. Silverman in 1996, whose security is related to the hardness of finding sufficient short vectors in NTRU lattice with dimension $2N$ . Many researchers conjecture that the private key vector is indeed the shortest vector in the lattice in most cases. However, no formal proof has been provided in the literature before to the best of our knowledge. In this paper, we revisit the lattice attack on NTRU and present a new dimension reduction attack on NTRU without considering the pattern of private polynomials. More precisely, we show that one can recover a group of equivalent private keys by solving shortest vector problem in a new dimension-reduced lattice with dimension $N+k, k , where $k$ is related to the specific parameters selected. As a corollary of our attack, we prove that the private key vector and its rotations are the shortest vectors of the original NTRU lattice with an overwhelming probability, which confirms the conjecture of the length of the shortest vector of the original NTRU lattice.

Learning Strikes Again: The Case of the DRS Signature Scheme

Lattice signature schemes generally require particular care when it comes to preventing secret information from leaking through signature transcript. For example, the Goldreich–Goldwasser–Halevi (GGH) signature scheme and the NTRUSign scheme were completely broken by the parallelepiped-learning attack of Nguyen and Regev (Eurocrypt 2006). Several heuristic countermeasures were also shown vulnerable to similar statistical attacks. At PKC 2008, Plantard, Susilo and Win proposed a new variant of GGH, informally arguing resistance to such attacks. Based on this variant, Plantard, Sipasseuth, Dumondelle and Susilo proposed a concrete signature scheme, called DRS, that is in the round 1 of the NIST post-quantum cryptography project. In this work, we propose yet another statistical attack and demonstrate a weakness of the DRS scheme: one can recover some partial information of the secret key from sufficiently many signatures. One difficulty is that, due to the DRS reduction algorithm, the relation between the statistical leak and the secret seems more intricate. We work around this difficulty by training a statistical model, using a few features that we designed according to a simple heuristic analysis. While we only recover partial secret coefficients, this information is easily exploited by lattice attacks, significantly decreasing their complexity. Concretely, we claim that, provided that $$100\,000$$ signatures are available, the secret key may be recovered using BKZ-138 for the first set of DRS parameters submitted to the NIST. This puts the security level of this parameter set below 80-bits (maybe even 70-bits), to be compared to an original claim of 128-bits. Furthermore, we review the DRS v2 scheme that is proposed to resist above statistical attack. For this countermeasure, while one may not recover partial secret coefficients exactly by learning, it seems feasible to gain some information on the secret key. Exploiting this information, we can still effectively reduce the cost of lattice attacks.

Minerva: The curse of ECDSA nonces

We present our discovery of a group of side-channel vulnerabilities in implementations of the ECDSA signature algorithm in a widely used Atmel AT90SC FIPS 140-2 certified smartcard chip and five cryptographic libraries (libgcrypt, wolfSSL, MatrixSSL, SunEC/OpenJDK/Oracle JDK, Crypto++). Vulnerable implementations leak the bit-length of the scalar used in scalar multiplication via timing. Using leaked bit-length, we mount a lattice attack on a 256-bit curve, after observing enough signing operations. We propose two new methods to recover the full private key requiring just 500 signatures for simulated leakage data, 1200 for real cryptographic library data, and 2100 for smartcard data. The number of signatures needed for a successful attack depends on the chosen method and its parameters as well as on the noise profile, influenced by the type of leakage and used computation platform. We use the set of vulnerabilities reported in this paper, together with the recently published TPM-FAIL vulnerability [MSE+20] as a basis for real-world benchmark datasets to systematically compare our newly proposed methods and all previously published applicable lattice-based key recovery methods. The resulting exhaustive comparison highlights the methods’ sensitivity to its proper parametrization and demonstrates that our methods are more efficient in most cases. For the TPM-FAIL dataset, we decreased the number of required signatures from approximately 40 000 to mere 900.

Flattening NTRU for Evaluation Key Free Homomorphic Encryption

AbstractWe propose a new FHE scheme F-NTRU that adopts the flattening technique proposed in GSW to derive an NTRU based scheme that (similar to GSW) does not require evaluation keys or key switching. Our scheme eliminates the decision small polynomial ratio assumption but relies only on the standard R-LWE assumption. It uses wide key distributions, and hence is immune to Subfield Lattice Attack. In practice, our scheme achieves competitive timings compared to the existing schemes. We are able to compute a homomorphic multiplication in 24.4 msec and 76.0 msec for 5 and 30 levels, respectively, without amortization. Furthermore, our scheme features small ciphertexts, e.g. 2376 KB for 30 levels. The assurance gained by using wide key distributions along with the message space flexibility of the scheme, i.e. bits, binary polynomials, and integers with a large message space, allows the use of the proposed scheme in a wide array of applications.

A probabilistic analysis on a lattice attack against DSA

Analyzing the security of cryptosystems under attacks based on the malicious modification of memory registers is a research topic of high importance. This type of attack may affect the randomness of the secret parameters by forcing a limited number of bits to a certain value which can be unknown to the attacker. In this context, we revisit the attack on DSA presented by Faugere, Goyet and Renault during the conference SAC 2012: we modify their method and provide a probabilistic approach in opposition to the heuristic proposed therein to measure the limits of the attack. More precisely, the main problem is formulated as a closest vector problem in a lattice, then we study the distribution of vectors with bounded norm in the lattices involved and apply the result to predict the attack behavior. The benefits of this approach are several: The probability of success of this attack can be lower bounded under some conjecture, which is validated by computational experiments. Also, it finds applications to the FLUSH+RELOAD side-channel attack, studied by van de Pol et al. At the end of the article, there is a summary of findings.

A non-commutative cryptosystem based on quaternion algebras

We propose BQTRU, a non-commutative NTRU-like cryptosystem over quaternion algebras. This cryptosystem uses bivariate polynomials as the underling ring. The multiplication operation in our cryptosystem can be performed with high speed using quaternions algebras over finite rings. As a consequence, the key generation and encryption process of our cryptosystem is faster than NTRU in comparable parameters. Typically using Strassen’s method, the key generation and encryption process is approximately 16 / 7 times faster than NTRU for an equivalent parameter set. Moreover, the BQTRU lattice has a hybrid structure that makes inefficient standard lattice attacks on the private key. This entails a higher computational complexity for attackers providing the opportunity of having smaller key sizes. Consequently, in this sense, BQTRU is more resistant than NTRU against known attacks at an equivalent parameter set. Moreover, message protection is feasible through larger polynomials and this allows us to obtain the same security level as other NTRU-like cryptosystems but using lower dimensions.

A lower dimension lattice attack on NTRU

A lower dimension lattice attack on NTRU