Faster Hash-Based Signatures with Bounded Leakage

Digital signatures have become a key component of many embedded system solutions and are facing strong security and efficiency requirements. At the same time side-channel resistance is essential for a signature scheme to be accepted in real-world applications. Based on the Merkle signature scheme and Winternitz one-time signatures we propose a signature scheme with bounded side-channel leakage that is secure in a post-quantum setting. Novel algorithmic improvements for the authentication path computation bound side-channel leakage and improve the average signature computation time by close to 50i?ź% when compared to state-of-the-art algorithms. The proposed scheme is implemented on an Intel Core i7 CPU and an AVR ATxmega microcontroller with carefully optimized versions for the respective target platform. The theoretical algorithmic improvements are verified in the implementations and cryptographic hardware accelerators are used to achieve competitive performance.

[1]  Andreas Hülsing,et al.  W-OTS+ - Shorter Signatures for Hash-Based Signature Schemes , 2013, AFRICACRYPT.

[2]  Johannes A. Buchmann,et al.  XMSS - A Practical Forward Secure Signature Scheme based on Minimal Security Assumptions , 2011, IACR Cryptol. ePrint Arch..

[3]  Aggelos Kiayias,et al.  Topics in Cryptology - CT-RSA 2011 - The Cryptographers' Track at the RSA Conference 2011, San Francisco, CA, USA, February 14-18, 2011. Proceedings , 2011, CT-RSA.

[4]  Andreas Hülsing,et al.  Forward Secure Signatures on Smart Cards , 2012, Selected Areas in Cryptography.

[5]  Moti Yung,et al.  Leakage Resilient Cryptography in Practice , 2010, Towards Hardware-Intrinsic Security.

[6]  Silvio Micali,et al.  Physically Observable Cryptography (Extended Abstract) , 2004, TCC.

[7]  Moti Yung,et al.  A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version) , 2009, IACR Cryptol. ePrint Arch..

[8]  Johannes A. Buchmann,et al.  On the security of the Winternitz one-time signature scheme , 2011, Int. J. Appl. Cryptogr..

[9]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[10]  David Pointcheval,et al.  Progress in Cryptology - AFRICACRYPT 2011 - 4th International Conference on Cryptology in Africa, Dakar, Senegal, July 5-7, 2011. Proceedings , 2011, AFRICACRYPT.

[11]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[12]  Guy N. Rothblum,et al.  Leakage-Resilient Signatures , 2010, TCC.

[13]  Ilya Kizhvatov,et al.  Side channel analysis of AVR XMEGA crypto engine , 2009, WESS '09.

[14]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[15]  Christof Paar,et al.  Fast Hash-Based Signatures on Constrained Devices , 2008, CARDIS.

[16]  Michael Szydlo,et al.  Merkle Tree Traversal in Log Space and Time , 2004, EUROCRYPT.

[17]  François-Xavier Standaert,et al.  Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA , 2009, CHES.

[18]  David Naccache,et al.  Towards Hardware-Intrinsic Security - Foundations and Practice , 2010, Information Security and Cryptography.

[19]  Johannes Buchmann,et al.  Hash-based Digital Signature Schemes , 2009 .