Faulting Winternitz One-Time Signatures to Forge LMS, XMSS, or SPHINCS+ Signatures

Wagner, Alexander and Wesselkamp, Vera and Oberhansl, Felix and Schink, Marc and Strieder, Emanuele

doi:10.1007/978-3-031-40003-2_24

User: Guest

Sicherheit in der Informationstechnik (Prof. Sigl)

Back
Back to start of result list
Permanent link for displayed object

Document type:: Konferenzbeitrag
Author(s):: Wagner, Alexander and Wesselkamp, Vera and Oberhansl, Felix and Schink, Marc and Strieder, Emanuele
Title:: Faulting Winternitz One-Time Signatures to Forge LMS, XMSS, or SPHINCS+ Signatures
Abstract:: Hash-based signature (HBS) schemes are an efficient method of guaranteeing the authenticity of data in a post-quantum world. The stateful schemes LMS and XMSS and the stateless scheme SPHINCS+ are already standardised or will be in the near future. The Winternitz one-time signature (WOTS) scheme is one of the fundamental building blocks used in all these HBS standardisation proposals.We present a new fault injection attack targeting WOTS that allows an adversary to forge signatures for arbitrary messages. The attack affects both the signing and verification processes of all current stateful and stateless schemes. Our attack renders the checksum calculation within WOTS useless. A successful fault injection allows at least an existential forgery attack and, in more advanced settings, a universal forgery attack. While checksum computation is clearly a critical point in WOTS, and thus in any of the relevant HBS schemes, its resilience against a fault attack has never been considered. To fill this gap, we theoretically explain the attack, estimate its practicability, and derive the brute-force complexity to achieve signature forgery for a variety of parameter sets. We analyse the reference implementations of LMS, XMSS and SPHINCS+ and pinpoint the vulnerable points. To harden these implementations, we propose countermeasures and evaluate their effectiveness and efficiency. Our work shows that exposed devices running signature generation or verification with any of these three schemes must have countermeasures in place. «
Hash-based signature (HBS) schemes are an efficient method of guaranteeing the authenticity of data in a post-quantum world. The stateful schemes LMS and XMSS and the stateless scheme SPHINCS+ are already standardised or will be in the near future. The Winternitz one-time signature (WOTS) scheme is one of the fundamental building blocks used in all these HBS standardisation proposals.We present a new fault injection attack targeting WOTS that allows an adversary to forge signatures for ar... »
Keywords:: fault injection · post-quantum cryptography · hash-based signatures · winternitz one-time signatures · LMS · XMSS · SPHINCS+
Dewey Decimal Classification:: 620 Ingenieurwissenschaften
Editor:: Johansson, Thomas; Smith-Tone, Daniel
Book / Congress title:: Post-Quantum Cryptography - 14th International Workshop, PQCrypto 2023, College Park, MD, USA, August 16-18, 2023, Proceedings
Congress (additional information):: College Park, USA
Volume:: 14154
Publisher:: Springer
Year:: 2023
Quarter:: 3. Quartal
Year / month:: 2023-08
Month:: Aug
Pages:: 658--687
Bookseries title:: Lecture Notes in Computer Science
Reviewed:: ja
Language:: en
Fulltext / DOI:: doi:10.1007/978-3-031-40003-2_24
WWW:: https://doi.org/10.1007/978-3-031-40003-2_24
BibTeX

Occurrences:

mediaTUM Gesamtbestand Hochschulbibliographie 2023 Schools und Fakultäten TUM School of Computation, Information and Technology Sicherheit in der Informationstechnik (Prof. Sigl)

mediaTUM Gesamtbestand Einrichtungen Schools TUM School of Computation, Information and Technology Departments Computer Engineering Sicherheit in der Informationstechnik (Prof. Sigl)2023