Flush, Gauss, and Reload – a cache attack on the BLISS lattice-based signature scheme

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

75 Citations (Scopus)

Abstract

We present the first side-channel attack on a lattice-based signature scheme, using the Flush+Reload cache-attack. The attack is targeted at the discrete Gaussian sampler, an important step in the Bimodal Lattice Signature Schemes (BLISS). After observing only 450 signatures with a perfect side-channel, an attacker is able to extract the secret BLISS-key in less than 2 minutes, with a success probability of 0.96. Similar results are achieved in a proof-of-concept implementation using the Flush+Reload technique with less than 3500 signatures. We show how to attack sampling from a discrete Gaussian using CDT or Bernoulli sampling by showing potential information leakage via cache memory. For both sampling methods, a strategy is given to use this additional information, finalize the attack and extract the secret key. We provide experimental evidence for the idealized perfect side-channel attacks and the Flush+Reload attack on two recent CPUs.
Original languageEnglish
Title of host publicationCryptographic Hardware and Embedded Systems - 18th International Conference, CHES 2016, Proceedings
EditorsB. Gierlichs, A.Y. Poschmann
PublisherSpringer
Pages323-345
Number of pages23
Volume9813
ISBN (Electronic)978-3-662-53140-2
ISBN (Print)978-3-662-53139-6
DOIs
Publication statusPublished - 2016
Event18th International Conference on Cryptographic Hardware and Embedded Systems, CHES 2016 - Santa Barbara, United States
Duration: 17 Aug 201619 Aug 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9813
ISSN (Print)03029743
ISSN (Electronic)16113349

Conference

Conference18th International Conference on Cryptographic Hardware and Embedded Systems, CHES 2016
CountryUnited States
CitySanta Barbara
Period17/08/1619/08/16

Keywords

  • BLISS
  • Discrete Gaussians
  • Flush+Reload
  • Lattices
  • SCA

Fingerprint Dive into the research topics of 'Flush, Gauss, and Reload – a cache attack on the BLISS lattice-based signature scheme'. Together they form a unique fingerprint.

Cite this