Hash-based signature (HBS) schemes are an efficient method of guaranteeing the authenticity of data in a post-quantum world. The stateful schemes LMS and XMSS and the stateless scheme SPHINCS+ are already standardised or will be in the near future. The Winternitz one-time signature (WOTS) scheme is one of the fundamental building blocks used in all these HBS standardisation proposals. We present a new fault injection attack targeting WOTS that allows an adversary to forge signatures for arbitrary messages. The attack affects both the signing and verification processes of all current stateful and stateless schemes. Our attack renders the checksum calculation within WOTS useless. A successful fault injection allows at least an existential forgery attack and, in more advanced settings, a universal forgery attack. While checksum computation is clearly a critical point in WOTS, and thus in any of the relevant HBS schemes, its resilience against a fault attack has never been considered. To fill this gap, we theoretically explain the attack, estimate its practicability, and derive the brute-force complexity to achieve signature forgery for a variety of parameter sets. We analyse the reference implementations of LMS, XMSS and SPHINCS+ and pinpoint the vulnerable points. To harden these implementations, we propose countermeasures and evaluate their effectiveness and efficiency. Our work shows that exposed devices running signature generation or verification with any of these three schemes must have countermeasures in place.
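As an added illustration of why the checksum is the critical point (this is example code, not the paper's or any reference implementation's), the following derives the WOTS+ chain digits for the w = 16, n = 32 parameter set of RFC 8391 (also used by SPHINCS+) and checks the forward-derivability relation that the checksum exists to block: a digit vector that is pointwise greater than or equal to a signed one could be reached by hashing the published chain values further, and the checksum digits shrink exactly when the message digits grow, so no second message can satisfy that relation. The two digests are constructed test values, not real message hashes.

```python
from typing import List

W = 16          # Winternitz parameter of XMSS (RFC 8391) and SPHINCS+
N = 32          # digest length in bytes
LEN_1 = 2 * N   # 64 message digits of 4 bits each
LEN_2 = 3       # checksum digits: 64 * 15 = 960 fits in 12 bits


def base_w(data: bytes, out_len: int) -> List[int]:
    """Split bytes into base-16 digits, high nibble first (RFC 8391 base_w, w = 16)."""
    digits = []
    for b in data:
        digits += [b >> 4, b & 0x0F]
    return digits[:out_len]


def wots_digits(digest: bytes, with_checksum: bool = True) -> List[int]:
    """Digits selecting the chain position of each WOTS+ secret key element.

    with_checksum=False models the state the paper describes, where the
    checksum contributes nothing; it is used only to show the lost property.
    """
    msg = base_w(digest, LEN_1)
    if not with_checksum:
        return msg
    csum = sum(W - 1 - m for m in msg)        # grows when message digits shrink
    # RFC 8391: csum <<= 8 - ((LEN_2 * 4) % 8) = 4, then base_w over 2 bytes.
    csum_bytes = (csum << 4).to_bytes(2, "big")
    return msg + base_w(csum_bytes, LEN_2)


def forward_derivable(target: List[int], signed: List[int]) -> bool:
    """True if every chain value for `target` lies at or beyond the one already
    published for `signed`, i.e. reachable by hashing forward only."""
    return all(t >= s for t, s in zip(target, signed))


# Constructed digests: every nibble of D2 is >= the matching nibble of D1.
D1 = b"\x01" * N
D2 = b"\x23" * N


def checksum_blocks_forgery() -> bool:
    """Without the checksum D2 is forward-derivable from D1; with it, it is not."""
    without = forward_derivable(wots_digits(D2, False), wots_digits(D1, False))
    with_cs = forward_derivable(wots_digits(D2), wots_digits(D1))
    return without and not with_cs
```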