Transactions on Cryptographic Hardware and Embedded Systems, Volume 2023
On Protecting SPHINCS+ Against Fault Attacks
Aymeric Genêt
EPFL and Nagra Kudelski Group, Switzerland
Keywords: SPHINCS , fault attack, countermeasures, post-quantum signature, hash-based cryptography
Abstract
SPHINCS+ is a hash-based digital signature scheme that was selected by NIST in their post-quantum cryptography standardization process. The establishment of a universal forgery on the seminal scheme SPHINCS was shown to be feasible in practice by injecting a fault when the signing device constructs any non-top subtree. Ever since the attack has been made public, little effort was spent to protect the SPHINCS family against attacks by faults. This paper works in this direction in the context of SPHINCS+ and analyzes the current algorithms that aim to prevent fault-based forgeries.
First, the paper adapts the original attack to SPHINCS+ reinforced with randomized signing and extends the applicability of the attack to any combination of faulty and valid signatures. Considering the adaptation, the paper then presents a thorough analysis of the attack. In particular, the analysis shows that, with high probability, the security guarantees of SPHINCS+ significantly drop when a single random bit flip occurs anywhere in the signing procedure and that the resulting faulty signature cannot be detected with the verification procedure. The paper shows both in theory and experimentally that the countermeasures based on caching the intermediate W-OTS+s offer a marginally greater protection against unintentional faults, and that such countermeasures are circumvented with a tolerable number of queries in an active attack. Based on these results, the paper recommends real-world deployments of SPHINCS+ to implement redundancy checks.
Publication
Transactions of Cryptographic Hardware and Embedded Systems, Volume 2023, Issue 2
PaperArtifact
Artifact number
tches/2023/a5
Artifact published
September 4, 2023
Some files in this archive are licensed under a different license. See the contents of this archive for more information.
BibTeX How to cite
Genêt, A. (2023). On Protecting SPHINCS+ Against Fault Attacks. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2023(2), 80–114. https://doi.org/10.46586/tches.v2023.i2.80-114. Artifact at https://artifacts.iacr.org/tches/2023/a5.