New Bleichenbacher Records: Fault Attacks on qDSA Signatures

Author(s):  
Akira Takahashi ◽  
Mehdi Tibouchi ◽  
Masayuki Abe

In this paper, we optimize Bleichenbacher’s statistical attack technique against (EC)DSA and other Schnorr-like signature schemes with biased or partially exposed nonces. Previous approaches to Bleichenbacher’s attack suffered from very large memory consumption during the so-called “range reduction” phase. Using a carefully analyzed and highly parallelizable approach to this range reduction based on the Schroeppel–Shamir algorithm for knapsacks, we manage to overcome the memory barrier of previous work while maintaining a practical level of efficiency in terms of time complexity. As a separate contribution, we present new fault attacks against the qDSA signature scheme of Renes and Smith (ASIACRYPT 2017) when instantiated over the Curve25519 Montgomery curve, and we validate some of them on the AVR microcontroller implementation of qDSA using actual fault experiments on the ChipWhisperer-Lite evaluation board. These fault attacks enable an adversary to generate signatures with 2 or 3 bits of the nonces known. Combining our two contributions, we are able to achieve a full secret key recovery on qDSA by applying our version of Bleichenbacher’s attack to these faulty signatures. Using a hybrid parallelization model relying on both shared and distributed memory, we achieve a very efficient implementation of our highly scalable range reduction algorithm. This allows us to complete Bleichenbacher’s attack in the 252-bit prime order subgroup of Curve25519 within a reasonable time frame and using relatively modest computational resources both for 3-bit nonce exposure and for the much harder case of 2-bit nonce exposure. Both of these computations, and particularly the latter, set new records in the implementation of Bleichenbacher’s attack.

Author(s):  
Leon Groot Bruinderink ◽  
Peter Pessl

In this paper, we extend the applicability of differential fault attacks to lattice-based cryptography. We show how two deterministic lattice-based signature schemes, Dilithium and qTESLA, are vulnerable to such attacks. In particular, we demonstrate that single random faults can result in a nonce-reuse scenario which allows key recovery. We also expand this to fault-induced partial nonce-reuse attacks, which do not corrupt the validity of the computed signatures and thus are harder to detect. Using linear algebra and lattice-basis reduction techniques, an attacker can extract one of the secret key elements after a successful fault injection. Some other parts of the key cannot be recovered, but we show that a tweaked signature algorithm can still successfully sign any message. We provide experimental verification of our attacks by performing clock glitching on an ARM Cortex-M4 microcontroller. In particular, we show that up to 65.2% of the execution time of Dilithium is vulnerable to an unprofiled attack, where a random fault is injected anywhere during the signing procedure and still leads to a successful key recovery.


2021 ◽  
Vol 11 (1) ◽  
Author(s):  
Robert Markewitz ◽  
Antje Torge ◽  
Klaus-Peter Wandinger ◽  
Daniela Pauli ◽  
Andre Franke ◽  
...  

Laboratory testing for the severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) consists of two pillars: the detection of viral RNA via rt-PCR as the diagnostic gold standard in acute cases, and the detection of antibodies against SARS-CoV-2. However, concerning the latter, questions remain about their diagnostic and prognostic value and it is not clear whether all patients develop detectable antibodies. We examined sera from 347 Spanish COVID-19 patients, collected during the peak of the epidemic outbreak in Spain, for the presence of IgA and IgG antibodies against SARS-CoV-2 and evaluated possible associations with age, sex and disease severity (as measured by duration of hospitalization, kind of respiratory support, treatment in ICU and death). The presence and to some degree the levels of anti-SARS-CoV-2 antibodies depended mainly on the amount of time between onset of symptoms and the collection of serum. A subgroup of patients did not develop antibodies at the time of sample collection. Compared to the patients that did, no differences were found. The presence and level of antibodies was not associated with age, sex, duration of hospitalization, treatment in the ICU or death. The case-fatality rate increased exponentially with older age. Neither the presence, nor the levels of anti-SARS-CoV-2 antibodies served as prognostic markers in our cohort. This is discussed as a possible consequence of the timing of the sample collection. Age is the most important risk factor for an adverse outcome in our cohort. Some patients appear not to develop antibodies within a reasonable time frame. It is unclear, however, why that is, as these patients differ in no respect examined by us from those who developed antibodies.


2014 ◽  
Vol 2014 ◽  
pp. 1-7
Author(s):  
Lin Ding ◽  
Chenhui Jin ◽  
Jie Guan ◽  
Qiuyan Wang

Loiss is a novel byte-oriented stream cipher proposed in 2011. In this paper, based on solving systems of linear equations, we propose an improved Guess and Determine attack on Loiss with a time complexity of 2^231 and a data complexity of 2^68, which reduces the time complexity of the Guess and Determine attack proposed by the designers by a factor of 2^16. Furthermore, a related key chosen IV attack on a scaled-down version of Loiss is presented. The attack recovers the 128-bit secret key of the scaled-down Loiss with a time complexity of 2^80, requiring 2^64 chosen IVs. The related key attack is minimal in the sense that it only requires one related key. The result shows that our key recovery attack on the scaled-down Loiss is much better than an exhaustive key search in the related key setting.


2021 ◽  
Vol 60 (90) ◽  
pp. 97-118
Author(s):  
Aleksandar Mojašević ◽  
Aleksandar Jovanović

The Act on the Protection of the Right to a Trial within a Reasonable Time, which took effect in 2016, has created the conditions in our legal system for the protection of the right to a trial within a reasonable time, as one of the fundamental rights guaranteed by the Constitution of the Republic of Serbia and related international documents. Although the legislator does not explicitly provide for the application of this Act in the context of bankruptcy proceedings, it has been used in judicial practice as a mean for the bankruptcy creditors to obtain just satisfaction in cases involving lengthy bankruptcy proceedings and a violation of the right to a fair trial within a reasonable time. The subject matter of analysis in this paper is the right to a trial within a reasonable time in bankruptcy cases. For that purpose, the authors examine the case law of the Commercial Court in Niš in the period from the beginning of 2016 to the end of 2019, particularly focusing on the bankruptcy cases in which complaints (objections) were filed for the protection of the right to a fair trial within a reasonable time. The aim of the research is to examine whether the objection, as an initial act, is a suitable instrument for increasing the efficiency of the bankruptcy proceeding, or whether it only serves to satisfy the interests of creditors. The authors have also examined whether this remedy affects the overall costs and duration of the bankruptcy proceeding. The main finding is that there is an increasing number of objections in the Commercial Court in Niš, which still does not affect the length and costs of bankruptcy. This trend is not only the result of inactivity of the court and the complexity of certain cases but also of numerous external factors, the most prominent of which is the work of some state bodies.


2017 ◽  
Vol 1 (2) ◽  
Author(s):  
Fabian López

Keywords: Genetic algorithms, routing logistics, metaheuristics, sequencing. Summary. In solving combinatorial problems, it is important to evaluate the cost-benefit trade-off between obtaining high-quality solutions and the computational resources required to do so. The problem addressed is the routing of a vehicle with pickup and delivery of product and with time window constraints. In practice, this problem needs to be handled with large-scale instances (nodes ≥ 100). There is a high percentage of active time windows (≥ 90%) with width factors ≥ 75%. The problem is NP-hard, and for that reason the application of an exact solution method to solve it in practice is limited by the time required for the routing activity. A specialized genetic algorithm is proposed, which offers good-quality solutions (acceptable % optimality) in computational execution times that make its application useful in logistics practice. To verify the effectiveness of the proposed algorithm, an experimental design is developed that makes use of the optimal solutions obtained by a branch-and-cut algorithm with no time limit. The results are favorable.
Key words: Genetic algorithms, routing logistics, metaheuristics, scheduling. Abstract. In an attempt to solve combinatorial problems, it is important to evaluate the cost-benefit ratio between obtaining solutions of high quality and the computational resources consumed in doing so. The problem presented is the routing of a vehicle with pickup and delivery of products under time window constraints. This problem requires instances of great scale (nodes ≥ 100). A strong active time window percentage exists (≥ 90%) with factors of amplitude ≥ 75%. The problem is NP-hard and hence the application of an exact method of solution is limited by the time frame required for the routing activity.
A specialized genetic algorithm is proposed, which offers solutions of high precision in computational times that make its practical application useful. An experimental design is developed, with good results, that makes use of optimum solutions obtained by means of a branch-and-cut algorithm without time limit.


2020 ◽  
Author(s):  
Nevena Paunović ◽  
Yinyin Bao ◽  
Fergal Brian Coulter ◽  
Kunal Masania ◽  
Anna Karoline Geks ◽  
...  

Central airway obstruction is a life-threatening disorder causing a high physical and psychological burden to patients due to severe breathlessness and impaired quality of life. Standard-of-care airway stents are silicone tubes, which cause immediate relief, but are prone to migration, especially in growing patients, and require additional surgeries to be removed, which may cause further tissue damage. Customized airway stents with tailorable bioresorbability that can be produced in a reasonable time frame would be highly needed in the management of this disorder. Here, we report poly(D,L-lactide-co-ε-caprolactone) methacrylate blends-based biomedical inks and their use for the rapid fabrication of customized and bioresorbable airway stents. The 3D printed materials are cytocompatible and exhibit silicone-like mechanical properties with suitable biodegradability. In vivo studies in healthy rabbits confirmed biocompatibility and showed that the stents stayed in place for 7 weeks after which they became radiographically invisible. The developed biomedical inks open promising perspectives for the rapid manufacturing of the customized medical devices for which high precision, tuneable elasticity and predictable degradation are sought-after.


Entropy ◽  
2019 ◽  
Vol 21 (10) ◽  
pp. 972 ◽  
Author(s):  
Ricardo Villanueva-Polanco

In this paper, we will study the key enumeration problem, which is connected to the key recovery problem posed in the cold boot attack setting. In this setting, an attacker with physical access to a computer may obtain noisy data of a cryptographic secret key of a cryptographic scheme from main memory via this data remanence attack. Therefore, the attacker would need a key-recovery algorithm to reconstruct the secret key from its noisy version. We will first describe this attack setting and then pose the problem of key recovery in a general way and establish a connection between the key recovery problem and the key enumeration problem. The latter problem has already been studied in the side-channel attack literature, where, for example, the attacker might procure scoring information for each byte of an Advanced Encryption Standard (AES) key from a side-channel attack and then want to efficiently enumerate and test a large number of complete 16-byte candidates until the correct key is found. After establishing such a connection between the key recovery problem and the key enumeration problem, we will present a comprehensive review of the most outstanding key enumeration algorithms to tackle the latter problem, for example, an optimal key enumeration algorithm (OKEA) and several nonoptimal key enumeration algorithms. Also, we will propose variants to some of them and make a comparison of them, highlighting their strengths and weaknesses.


2020 ◽  
Vol 10 (12) ◽  
pp. 4106 ◽  
Author(s):  
Ricardo Villanueva-Polanco

This research article assesses the feasibility of cold boot attacks on the Lifted Unbalanced Oil and Vinegar (LUOV) scheme, a variant of the UOV signature scheme. This scheme is a member of the family of asymmetric cryptographic primitives based on multivariable polynomials over a finite field K and has been submitted as a candidate to the ongoing National Institute of Standards and Technology (NIST) standardisation process of post-quantum signature schemes. To the best of our knowledge, this is the first time that this scheme is evaluated in this setting. To perform our assessment of the scheme in this setting, we review two implementations of this scheme, the reference implementation and the libpqcrypto implementation, to learn the most common in-memory private key formats and next develop a key recovery algorithm exploiting the structure of this scheme. Since LUOV’s key generation algorithm generates its private components and public components from a 256-bit seed, the key recovery algorithm works for all the parameter sets recommended for this scheme. Additionally, we tested the effectiveness and performance of the key recovery algorithm through simulations and found the key recovery algorithm may retrieve the private seed when α = 0.001 (probability that a 0 bit of the original secret key will flip to a 1 bit) and β (probability that a 1 bit of the original private key will flip to a 0 bit) in the range {0.001, 0.01, 0.02, …, 0.15} by enumerating approximately 2^40 candidates.


Sensors ◽  
2020 ◽  
Vol 20 (23) ◽  
pp. 6909
Author(s):  
Francisco Eugenio Potestad-Ordóñez ◽  
Manuel Valencia-Barrero ◽  
Carmen Baena-Oliva ◽  
Pilar Parra-Fernández ◽  
Carlos Jesús Jiménez-Fernández

One of the best methods to improve the security of cryptographic systems used to exchange sensitive information is to attack them to find their vulnerabilities and to strengthen them in subsequent designs. The Trivium stream cipher is one of the lightweight ciphers designed for security applications in the Internet of Things (IoT). In this paper, we present a complete setup to attack ASIC implementations of Trivium which allows recovering the secret keys using the active non-invasive attack technique of clock manipulation, combined with Differential Fault Analysis (DFA) cryptanalysis. The attack system is able to inject effective transient faults into the Trivium in a clock cycle and sample the faulty output. Then, the internal state of the Trivium is recovered using the DFA cryptanalysis through the comparison between the correct and the faulty outputs. Finally, a backward version of Trivium was also designed to go back and get the secret keys from the initial internal states. The key recovery has been verified with numerous simulated data attacks and used with the experimental data obtained from the Application Specific Integrated Circuit (ASIC) Trivium. The secret key of the Trivium was recovered experimentally in 100% of the attempts, considering a real scenario and minimum assumptions.

