Separating Oil and Vinegar with a Single Trace

Thomas Aulbach; Fabio Campos; Juliane Krämer; Simona Samardjiska; Marc Stöttinger

Paper 2023/335

Separating Oil and Vinegar with a Single Trace

Thomas Aulbach, University of Regensburg

Fabio Campos, RheinMain University of Applied Sciences

Juliane Krämer, University of Regensburg

Simona Samardjiska, Radboud University Nijmegen

Marc Stöttinger, RheinMain University of Applied Sciences

Abstract

Due to recent cryptanalytical breakthroughs, the multivariate signature schemes that seemed to be most promising in the past years are no longer in the focus of the research community. Hence, the cryptographically mature UOV scheme is of great interest again. Since it has not been part of the NIST process for standardizing post-quantum cryptography so far, it has not been studied intensively for its physical security. In this work, we present a side-channel attack on the latest implementation of UOV. In the first part of the attack, a single side-channel trace of the signing process is used to learn all vinegar variables used in the computation. Then, we employ a combination of the Kipnis-Shamir attack and the reconciliation attack to reveal the complete secret key. Our attack, unlike previous work, targets the inversion of the central map and not the subsequent linear transformation. It further does not require the attacker to control the message to be signed. We have verified the practicality of our attack on a ChipWhisperer-Lite board with a 32-bit STM32F3 ARM Cortex-M4 target mounted on a CW308 UFO board. We publicly provide the code and both reference and target traces. Additionally, we discuss several countermeasures that can at least make our attack less efficient.

Note: Include changes from submission to final version. Include Kipnis-Shamir attack in the algebraic post-processing of the SCA to increase efficiency.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Published by the IACR in TCHES 2023
Keywords: UOV multivariate signature schemes side-channel attack reconciliation attack Kipnis-Shamir attack
Contact author(s): thomas aulbach @ ur de
campos @ sopmac de
juliane kraemer @ ur de
simonas @ cs ru nl
marc stoettinger @ hs-rm de
History: 2023-04-17: revised; 2023-03-07: received; See all versions
Short URL: https://ia.cr/2023/335
License: CC BY

BibTeX

@misc{cryptoeprint:2023/335,
      author = {Thomas Aulbach and Fabio Campos and Juliane Krämer and Simona Samardjiska and Marc Stöttinger},
      title = {Separating Oil and Vinegar with a Single Trace},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/335},
      year = {2023},
      url = {https://eprint.iacr.org/2023/335}
}