Lattice Attacks on Pairing-Based Signatures

Thierry Mefenza Nountu 1, 2 Damien Vergnaud 3, 4
2 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique de l'École normale supérieure, CNRS - Centre National de la Recherche Scientifique : UMR 8548, Inria de Paris
4 ALMASTY - ALgorithms for coMmunicAtion SecuriTY
LIP6 - Laboratoire d'Informatique de Paris 6
Abstract : Practical implementations of cryptosystems often suffer from critical information leakage through side-channels (such as their power consumption or their electromagnetic emanations). For public-key cryptography on embedded systems, the core operation is usually group exponentiation – or scalar multiplication on elliptic curves – which is a sequence of group operations derived from the private-key that may reveal secret bits to an attacker (on an unprotected implementation). We present lattice-based polynomial-time (heuristic) algorithms that recover the signer’s secret in popular pairing-based signatures when used to sign several messages under the assumption that blocks of consecutive bits of the corresponding exponents are known by the attacker. Our techniques relies upon Coppersmith method and apply to all signatures in the so-called exponent-inversion framework in the standard security model (i.e. Boneh-Boyen and Gentry signatures) as well as in the random oracle model (i.e. Sakai-Kasahara signatures).
Document type :
Conference papers
Complete list of metadatas

https://hal.archives-ouvertes.fr/hal-01737064
Contributor : Damien Vergnaud <>
Submitted on : Monday, March 19, 2018 - 10:49:04 AM
Last modification on : Tuesday, May 14, 2019 - 11:00:03 AM

Identifiers

Citation

Thierry Mefenza Nountu, Damien Vergnaud. Lattice Attacks on Pairing-Based Signatures. IMACC 2017 - 16th IMA International Conference on Cryptography and Coding, Dec 2017, Oxford, United Kingdom. pp.352-370, ⟨10.1007/978-3-319-71045-7_18⟩. ⟨hal-01737064⟩

Share

Metrics

Record views

146