A One-Time Single-bit Fault Leaks All Previous NTRU-HRSS Session Keys to a Chosen-Ciphertext Attack

Cited by: 0
Author
Bernstein, Daniel J. [1, 2]
Affiliations
[1] Univ Illinois, Dept Comp Sci, Chicago, IL 60612 USA
[2] Ruhr Univ Bochum, Horst Gortz Inst IT Secur, Bochum, Germany
Source
PROGRESS IN CRYPTOLOGY, INDOCRYPT 2022 | 2022 / Vol. 13774
Funding
National Science Foundation (USA);
Keywords
Chosen-ciphertext attacks; Natural faults; Implicit rejection; ENCRYPTION; DECRYPTION; ERRORS;
DOI
10.1007/978-3-031-22912-1_27
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812;
Abstract
This paper presents an efficient attack that, in the standard IND-CCA2 attack model plus a one-time single-bit fault, recovers the NTRU-HRSS session key. This type of fault is expected to occur for many users through natural DRAM bit flips. In a multi-target IND-CCA2 attack model plus a one-time single-bit fault, the attack recovers every NTRU-HRSS session key that was encapsulated to the targeted public key before the fault. Software carrying out the full multi-target attack, using a simulated fault, is provided for verification. This paper also explains how a change in NTRU-HRSS in 2019 enabled this attack.
Pages: 617-643
Page count: 27