TUHH Open Research
Bounding the cache-side-channel leakage of lattice-based signature schemes using program semantics

Publication type
Conference Paper
Date Issued
2017-10
Language
English
Author(s)
Bindel, Nina  
Buchmann, Johannes  
Krämer, Juliane  
Mantel, Heiko 
Schickel, Johannes  
Weber, Alexandra  
TORE-URI
http://hdl.handle.net/11420/13846
First published in
Lecture notes in computer science  
Number in series
10723 LNCS
Start Page
225
End Page
241
Citation
Lecture Notes in Computer Science 10723 LNCS: 225-241 (2018)
Contribution to Conference
10th International Symposium on Foundations and Practice of Security, FPS 2017  
Publisher DOI
10.1007/978-3-319-75650-9_15
Scopus ID
2-s2.0-85042531399
Publisher
Springer International Publishing AG
In contrast to classical signature schemes such as RSA or ECDSA, the lattice-based signature scheme ring-TESLA is expected to resist even quantum adversaries. A recent key recovery attack on a lattice-based implementation shows that cache side channels are a serious threat to lattice-based implementations. In this article, we analyze an existing implementation of ring-TESLA with respect to cache side channels. To reduce the effort of manual code inspection, we selectively employ automated program analysis. The leakage bounds we compute with program analysis are sound overapproximations of the cache-side-channel leakage. We detect four cache-side-channel vulnerabilities in the implementation of ring-TESLA. Two of them occur in implementations of techniques common to lattice-based schemes, so they are also relevant beyond ring-TESLA. Finally, we show how the detected vulnerabilities can be mitigated effectively.
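The two notions the abstract rests on, a memory access whose address depends on a secret (which an attacker observing the cache can distinguish) and a leakage bound obtained by counting the distinguishable observations, illustrated below in C. This is an added example, not code from the paper or from the ring-TESLA implementation, and it does not reproduce the paper's four vulnerabilities. The 256-byte table, its contents, the 64-byte cache line size and the "one bit per touched line" observation model are constructed assumptions for the model.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Toy model of a cache side channel and of a counting-based leakage bound.
 * A 256-entry byte table spans four 64-byte cache lines (constructed
 * assumption). An attacker who observes which lines the victim touches
 * (e.g. via Prime+Probe or Flush+Reload) learns the line index of each access,
 * not the byte itself. That observation is recorded in a trace_t bit mask, one
 * bit per line, standing in for the abstract cache state a program analysis
 * would track.
 */
#define TABLE_SIZE 256u
#define LINE_BYTES 64u

typedef uint32_t trace_t;            /* bit i set: cache line i was touched */

static uint8_t table[TABLE_SIZE];    /* constructed contents, see ensure_table */

static void ensure_table(void) {
    static int ready = 0;
    if (ready) return;
    for (size_t i = 0; i < TABLE_SIZE; i++) table[i] = (uint8_t)(i * 37u + 11u);
    ready = 1;
}

static trace_t line_of(size_t idx) { return 1u << (idx / LINE_BYTES); }

/* Vulnerable pattern: the secret selects the address, so the touched cache
 * line, and with it the attacker's observation, is a function of the secret. */
uint8_t lookup_leaky(uint8_t secret_idx, trace_t *trace) {
    ensure_table();
    *trace |= line_of(secret_idx);
    return table[secret_idx];
}

/* Mitigation: touch every entry in a fixed order and keep the wanted one with
 * an arithmetic mask, so the access pattern no longer depends on the secret.
 * The equality test is computed without a secret-dependent branch. */
uint8_t lookup_ct(uint8_t secret_idx, trace_t *trace) {
    ensure_table();
    uint8_t result = 0;
    for (size_t i = 0; i < TABLE_SIZE; i++) {
        *trace |= line_of(i);
        uint32_t diff = (uint32_t)i ^ (uint32_t)secret_idx;   /* 0 iff i == secret */
        uint8_t mask = (uint8_t)(0u - ((diff - 1u) >> 31));   /* 0xFF iff diff == 0 */
        result |= (uint8_t)(table[i] & mask);
    }
    return result;
}

/* Number of distinct observations over all 256 possible secrets. Enumerating
 * every secret makes this exact for the toy model; for a real binary an
 * automated analysis computes a sound overapproximation of this set instead. */
unsigned distinct_traces(uint8_t (*lookup)(uint8_t, trace_t *)) {
    trace_t seen[TABLE_SIZE];
    unsigned nseen = 0;
    for (unsigned s = 0; s < TABLE_SIZE; s++) {
        trace_t t = 0;
        (void)lookup((uint8_t)s, &t);
        unsigned k = 0;
        while (k < nseen && seen[k] != t) k++;
        if (k == nseen) seen[nseen++] = t;
    }
    return nseen;
}

/* Upper bound on the leaked bits: ceil(log2(#distinct observations)). */
unsigned leakage_bound_bits(uint8_t (*lookup)(uint8_t, trace_t *)) {
    unsigned n = distinct_traces(lookup), bits = 0;
    while ((1u << bits) < n) bits++;
    return bits;
}

/* Sanity check: the mitigation must return the same value as the leaky code. */
int same_result(uint8_t idx) {
    trace_t t1 = 0, t2 = 0;
    return lookup_ct(idx, &t1) == lookup_leaky(idx, &t2);
}

int main(void) {
    printf("leaky lookup : %u distinct traces, bound %u bits\n",
           distinct_traces(lookup_leaky), leakage_bound_bits(lookup_leaky));
    printf("constant-time: %u distinct traces, bound %u bits\n",
           distinct_traces(lookup_ct), leakage_bound_bits(lookup_ct));
    return 0;
}
```

In the model the leaky lookup produces four distinguishable traces, one per cache line, so the attacker learns which quarter of the table was read: a bound of 2 bits per lookup. The constant-time version touches all four lines on every call, leaving a single observation and a bound of 0 bits. On real hardware the mitigation must also survive the compiler (check the generated assembly for reintroduced branches or conditional loads), which the model does not capture.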
DDC Class
004: Computer science