Determining the effect of a floating point on the Falcon digital signature algorithm security

Q3 Mathematics

Eastern-European Journal of Enterprise Technologies Pub Date : 2024-02-28 DOI:10.15587/1729-4061.2024.295160

Oleksandr Potii, O. Kachko, S.O. Kandii, Yevhenii Kaptol

{"title":"Determining the effect of a floating point on the Falcon digital signature algorithm security","authors":"Oleksandr Potii, O. Kachko, S.O. Kandii, Yevhenii Kaptol","doi":"10.15587/1729-4061.2024.295160","DOIUrl":null,"url":null,"abstract":"The object of research is digital signatures. The Falcon digital signature scheme is one of the finalists in the NIST post-quantum cryptography competition. Its distinctive feature is the use of floating-point arithmetic. However, floating-point arithmetic has so-called rounding noise, which accumulates during computations and in some cases may lead to significant changes in the processed values. The work considers the problem of using rounding noise to build attacks on implementation. The main result of the study is a novel attack on implementation, which enables the secret key recovery. This attack differs from existing attacks in using two separately secure implementations with different computation orders. As a result of the analysis, the conditions under which secret key recovery is possible were revealed. The attack requires 300,000 signatures and two implementations to recover key. The probability of successful attack ranges from 70 % to 76 %. This probability is explained by the structure of the Gaussian sampling algorithm used in the Falcon digital signature. At the same time, a necessary condition for conducting an attack is identical seed during signature generation. This condition makes the attack more theoretical than practical since the correct implementation of the Falcon makes probability of two identical seeds negligible. However, the possible usage of floating-point noise shows potential existence of additional attack vectors for the Falcon that should be covered in security models. The results could be used in the construction of digital signature security models and their implementation in existing information and communication systems","PeriodicalId":11433,"journal":{"name":"Eastern-European Journal of Enterprise Technologies","volume":"29 6","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Eastern-European Journal of Enterprise Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.15587/1729-4061.2024.295160","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Mathematics","Score":null,"Total":0}

引用次数: 0

Abstract

The object of research is digital signatures. The Falcon digital signature scheme is one of the finalists in the NIST post-quantum cryptography competition. Its distinctive feature is the use of floating-point arithmetic. However, floating-point arithmetic has so-called rounding noise, which accumulates during computations and in some cases may lead to significant changes in the processed values. The work considers the problem of using rounding noise to build attacks on implementation. The main result of the study is a novel attack on implementation, which enables the secret key recovery. This attack differs from existing attacks in using two separately secure implementations with different computation orders. As a result of the analysis, the conditions under which secret key recovery is possible were revealed. The attack requires 300,000 signatures and two implementations to recover key. The probability of successful attack ranges from 70 % to 76 %. This probability is explained by the structure of the Gaussian sampling algorithm used in the Falcon digital signature. At the same time, a necessary condition for conducting an attack is identical seed during signature generation. This condition makes the attack more theoretical than practical since the correct implementation of the Falcon makes probability of two identical seeds negligible. However, the possible usage of floating-point noise shows potential existence of additional attack vectors for the Falcon that should be covered in security models. The results could be used in the construction of digital signature security models and their implementation in existing information and communication systems

查看原文本刊更多论文

确定浮点对猎鹰数字签名算法安全性的影响

研究对象是数字签名。Falcon 数字签名方案是 NIST 后量子密码学竞赛的入围方案之一。它的显著特点是使用浮点运算。然而，浮点运算存在所谓的舍入噪声，这种噪声会在计算过程中累积，在某些情况下可能导致处理值发生重大变化。这项工作考虑的问题是利用舍入噪声建立对执行的攻击。研究的主要成果是一种新颖的执行攻击，它可以恢复密钥。这种攻击与现有的攻击不同，它使用了两种具有不同计算顺序的独立安全实现。分析结果揭示了可以恢复秘钥的条件。该攻击需要 300,000 个签名和两种实现方式来恢复密钥。攻击成功的概率在 70% 到 76% 之间。猎鹰数字签名中使用的高斯采样算法的结构解释了这一概率。同时，进行攻击的一个必要条件是在生成签名时使用相同的种子。这一条件使得攻击的理论意义大于实际意义，因为 Falcon 数字签名的正确实现使得两个相同种子的概率可以忽略不计。不过，浮点噪音的可能使用表明，Falcon 可能存在其他攻击向量，安全模型应涵盖这些向量。这些结果可用于数字签名安全模型的构建及其在现有信息和通信系统中的实施。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Eastern-European Journal of Enterprise Technologies Mathematics-Applied Mathematics

CiteScore

2.00

自引率

0.00%

发文量

369

审稿时长

6 weeks

期刊介绍： Terminology used in the title of the "East European Journal of Enterprise Technologies" - "enterprise technologies" should be read as "industrial technologies". "Eastern-European Journal of Enterprise Technologies" publishes all those best ideas from the science, which can be introduced in the industry. Since, obtaining the high-quality, competitive industrial products is based on introducing high technologies from various independent spheres of scientific researches, but united by a common end result - a finished high-technology product. Among these scientific spheres, there are engineering, power engineering and energy saving, technologies of inorganic and organic substances and materials science, information technologies and control systems. Publishing scientific papers in these directions are the main development "vectors" of the "Eastern-European Journal of Enterprise Technologies". Since, these are those directions of scientific researches, the results of which can be directly used in modern industrial production: space and aircraft industry, instrument-making industry, mechanical engineering, power engineering, chemical industry and metallurgy.