Skip to Main content Skip to Navigation
Journal articles

Loop-Abort Faults on Lattice-Based Signatures and Key Exchange Protocols

Abstract : Although postquantum cryptography is of growing practical concern, not many works have been devoted to implementation security issues related to postquantum schemes. In this paper, we look in particular at fault attacks against implementations of lattice-based signatures and key exchange protocols. For signature schemes, we are interested both in Fiat-Shamir type constructions (particularly BLISS, but also GLP, PASSSign, and Ring-TESLA) and in hash-and-sign schemes (particularly the GPV-based scheme of Ducas-Prest-Lyubashevsky). For key exchange protocols, we study the implementations of NewHope, Frodo, and Kyber. These schemes form a representative sample of modern, practical lattice-based signatures and key exchange protocols, and achieve a high level of efficiency in both software and hardware. We present several fault attacks against those schemes that recover the entire key recovery with only a few faulty executions (sometimes only one), show that those attacks can be mounted in practice based on concrete experiments in hardware, and discuss possible countermeasures against them.
Document type :
Journal articles
Complete list of metadatas
Contributor : Thomas Espitau <>
Submitted on : Wednesday, March 20, 2019 - 12:50:01 PM
Last modification on : Friday, March 6, 2020 - 4:18:09 PM



Thomas Espitau, Pierre-Alain Fouque, Benoit Gérard, Mehdi Tibouchi. Loop-Abort Faults on Lattice-Based Signatures and Key Exchange Protocols. IEEE Transactions on Computers, Institute of Electrical and Electronics Engineers, 2018, 67 (11), pp.1535-1549. ⟨10.1109/TC.2018.2833119⟩. ⟨hal-02073941⟩



Record views