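@inproceedings{43fa7a0575ff4f8da429ebf74662904f,
  author        = {Bruinderink, L. G. and H{\"u}lsing, A. T. and Lange, T. and Yarom, Y.},
  title         = {{Flush}, {Gauss}, and {Reload} -- A Cache Attack on the {BLISS} Lattice-Based Signature Scheme},
  booktitle     = {Cryptographic Hardware and Embedded Systems -- 18th International Conference, {CHES} 2016, Proceedings},
  editor        = {Gierlichs, B. and Poschmann, A. Y.},
  series        = {Lecture Notes in Computer Science},
  volume        = {9813},
  pages         = {323--345},
  publisher     = {Springer},
  address       = {Germany},
  year          = {2016},
  month         = aug,
  doi           = {10.1007/978-3-662-53140-2_16},
  isbn          = {978-3-662-53139-6},
  keywords      = {BLISS, Discrete Gaussians, Flush+Reload, Lattices, SCA},
  language      = {English},
  abstract      = {We present the first side-channel attack on a lattice-based signature scheme, using the Flush+Reload cache-attack. The attack is targeted at the discrete Gaussian sampler, an important step in the Bimodal Lattice Signature Schemes (BLISS). After observing only 450 signatures with a perfect side-channel, an attacker is able to extract the secret BLISS-key in less than 2 minutes, with a success probability of 0.96. Similar results are achieved in a proof-of-concept implementation using the Flush+Reload technique with less than 3500 signatures. We show how to attack sampling from a discrete Gaussian using CDT or Bernoulli sampling by showing potential information leakage via cache memory. For both sampling methods, a strategy is given to use this additional information, finalize the attack and extract the secret key. We provide experimental evidence for the idealized perfect side-channel attacks and the Flush+Reload attack on two recent CPUs.},
  note          = {18th International Conference on Cryptographic Hardware and Embedded Systems ({CHES} 2016); conference date: 17--19 August 2016},
  internal-note = {Normalised from an auto-export: braces instead of quotes, names in Last, First form with spaced initials, acronyms brace-protected, series stripped of the subseries suffix, month derived from the conference date. Author/editor given names are kept as initials because the export supplies only initials; verify full names and whether the first author's surname is a compound surname against the paper's front matter. address is the country rather than the publisher's city as given in the export -- confirm before relying on it.},
}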