Journal of the Korea Institute of Information Security & Cryptology (정보보호학회논문지)

Korea Institute of Information Security and Cryptology (한국정보보호학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on Attack against NTRU Signature Implementation and Its Countermeasure

NTRU 서명 시스템 구현에 대한 오류 주입 공격 및 대응 방안 연구

  • Received : 2018.03.09
  • Accepted : 2018.04.10
  • Published : 2018.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

As the computational technology using quantum computing has been developed, several threats on cryptographic systems are recently increasing. Therefore, many researches on post-quantum cryptosystems which can withstand the analysis attacks using quantum computers are actively underway. Nevertheless, the lattice-based NTRU system, one of the post-quantum cryptosystems, is pointed out that it may be vulnerable to the fault injection attack which uses the weakness of implementation of NTRU. In this paper, we investigate the fault injection attacks and their previous countermeasures on the NTRU signature system and propose a secure and efficient countermeasure to defeat it. As a simulation result, the proposed countermeasure has high fault detection ratio and low implementation costs.

최근 양자 컴퓨팅을 활용한 연산 기술이 발달함에 따라 기존 암호 시스템들에 대한 안전성이 위협받고 있다. 이에 따라 양자 컴퓨터를 이용한 분석 공격에도 견딜 수 있는 새로운 포스트 양자 암호시스템(post-quantum cryptosystem)에 대한 연구가 활발하다. 그럼에도 불구하고 NTRU와 같은 격자 기반의 포스트 양자 암호시스템도 구현상에서 발생하는 취약점을 이용하는 오류 주입 공격에 의해 비밀 키가 노출될 수 있음이 밝혀졌다. 본 논문에서는 NTRU 서명 시스템에 대한 기존의 오류 주입 공격 대응 기법을 분석하고 효율성과 안전성이 개선된 새로운 대응 기법을 제안한다. 제안된 대응 기법에 대해 시뮬레이션을 수행한 결과, 오류 주입 검출율이 우수하며 구현이 효율적임을 확인하였다.

Keywords

References

  1. P. Shor, "Algorithms for quantum computation: Discrete logarithms and factoring," Proceedings of the 35th Annual Symposium on Foundations of Computer Science, pp. 124-134, 1994.
  2. P. Kocher, "Timing Attacks on Implementation of Diffie-Hellman, RSA, DSS, and Other Systems," CRYPTO'96, LNCS 1109, pp. 104-113, 1996.
  3. J. Coron, "Resistance against differential power analysis for elliptic curve cryptosystems," CHES'99, LNCS 1717, pp. 292-302, 1999.
  4. T. Messerges, E. Dabbis, and R. Sloan, "Power analysis attacks of modular exponentiation in smartcard," CHES'99, LNCS 1717, pp. 144-157, 1999.
  5. E. Biham and A. Shamir, "Differential fault analysis of secret key cryptosystems," CRYPTO'97. LNCS 1294, pp. 513-525, 1997.
  6. D. Boneh, R. DeMillo, and R. Lipton, "On the Importance of Checking Cryptographic Protocols for Faults," EUROCRYPT'97, LNCS 1233, pp. 37-51, 1997.
  7. J. Hoffstein, J. Pipher, and J. Silverman, "NTRU: A Ring-Based Public Key Cryptosystem," ANTS'98, LNCS 1423, pp. 267-288, 1998.
  8. J. Hoffstein, J. Pipher, and J. Silverman, "NSS: An NTRU latticebased signature scheme," EUROCRYPT'01, LNCS 2045, pp. 211-228, 2001.
  9. J. Hoffstein, N. Graham, J. Pipher, J. Silverman, and W. Whyte, "NTRUSign: Digital signatures using the NTRU lattice," CT-RSA'03, LNCS 2612, pp. 122-140, 2003.
  10. IEEE P1363.1: "Public-Key Cryptographic Techniques Based on Hard Problems over Lattices," version D12, 2008.
  11. M. Taha and T. Eisenbarth. "Implementation Attacks on Post-Quantum Cryptographic Schemes," IACR Cryptology ePrint Archive 2015/1083, 2015.
  12. A. Kamal and A. Youssef., "Strengthening hardware implementations of NTRUEncrypt against fault analysis attacks," Journal of Cryptographic Engineering, pp. 227-240, 2013.
  13. A. A. Kamal and A. M. Youssef. "Fault analysis of the NTRUSign digital signature scheme," Cryptography and Communications, pp. 131-144, 2012.
  14. J. Hoffstein, N. Howgrave-Graham, J. Pipher, and W. Whyte, "Practical lattice-based cryptography: NTRUEncrypt and NTRUSign," The LLL Algorithm : Survey and Applications Information Security and Cryptography, pp. 349-390, Springer, 2010.
  15. J. Hoffstein, N. Howgrave-Graham, J. Pipher, and W. Whyte, "Performance improvements and a baseline parameter generation algorithm for NTRUSign," In Proc. of Workshop on Mathematical Problems and Techniques in Cryptology, pp. 99-126, Barcelone, Spain, 2005.
  16. P. Rauzy and S. Guillry. "Countermeasure against high-order faultinjection attacks on CRT-RSA,"