As one of the most efficient lattice-based signature schemes, and one of the only ones to have seen deployment beyond an academic setting (e.g., as part of the VPN software suite strongSwan), BLISS has attracted a significant amount of attention in terms of its implementation security, and side-channel vulnerabilities of several parts of its signing algorithm have been identified in previous works. In this paper, we present an even simpler timing attack against it. The bimodal Gaussian distribution that BLISS is named after is achieved using a random sign flip during signature generation, and neither the original implementation of BLISS nor strongSwan ensure that this sign flip is carried out in constant time. It is therefore possible to re...
In 2012, Lyubashevsky introduced a new framework for building lattice-based si...
This paper suggests to use rounded Gaussians in place of discrete Gaussians in rejection-sampling-...
Lattice signature schemes generally require particular care when it comes to preventing secret infor...
As one of the most efficient lattice-based signature schemes, and one...
In this paper, we investigate the security of the BLISS lattice-based signatur...
In the search for post-quantum secure alternatives to RSA and ECC, lattice-based cryptography appear...
In this paper, we investigate the security of the BLISS lattice-based signature scheme, one of the m...
We present the first side-channel attack on a lattice-based signature scheme, using the FLUSH+RELOAD...
We present the first side-channel attack on a lattice-based signature scheme, using the Flush+Reload...
Lecture Notes in Computer Science, vol. 9813We present the first side-channel attack on a lattice-ba...
Session I1: Post-QuantumIn the search for post-quantum secure alternatives to RSA and ECC, lattice-b...
In this paper, we initiate the study of side-channel leakage in hash-and-sign ...