Re: [lamps] Side-channel attack on multi-level trees and key generation of LMS.

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Sat, 30 March 2019 04:55 UTC

Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AD20120178 for <spasm@ietfa.amsl.com>; Fri, 29 Mar 2019 21:55:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yUPw6gx6eWtF for <spasm@ietfa.amsl.com>; Fri, 29 Mar 2019 21:55:03 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E944F120175 for <spasm@ietf.org>; Fri, 29 Mar 2019 21:55:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=59878; q=dns/txt; s=iport; t=1553921703; x=1555131303; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=QKo7MfD9SQD3PJwz2s1ShdXvYxPuMc6Ce+OtZfDc2Lk=; b=MJHAUeb4SSESx7nG3jZIWBtrpUJaX7OGQRjr8TcmOrFFbld03ydbJ/Hr I7svgo4ZnaD9+d7+n4Ry/6GVBMFN1PNvM+lkfKGx032C7BPZj5rqAYuVY 5ljcrfcIYh4L1v2ovyZRtPYPswMBevagasi/0WWjo3z/70Ko59nO3sI5u A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AKAACv9Z5c/40NJK1kGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAQGBVAEBAQEBAQsBgQ5TL2iBAycKhASVU5lhA1QOAQEYAQm?= =?us-ascii?q?BD12CXgIXhSAiNwYNAQEDAQEJAQMCbRwMhUoBAQECAgEBIQo/AgsQAgEIEQQ?= =?us-ascii?q?BASEBBgMCAgIlCxQJCAIEAQ0FCBODAgQCgRFMAxUPqCeBL4QxAYNOA4IpgS8?= =?us-ascii?q?BiGiCSheBQD+DbgcuPoJhAQEBARiBMxsHCR+CVIJXA4pXIIIHhCOHUYtzYAk?= =?us-ascii?q?Ch2+LYyKUK4hCgW6BDoYPjTwCERWBLjUiDSiBIXAVO4JsCQqBUy0CGINLM4R?= =?us-ascii?q?hhT9BMQEBAQGOC4EtMm0BAQ?=
X-IronPort-AV: E=Sophos;i="5.60,287,1549929600"; d="scan'208,217";a="251313729"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 30 Mar 2019 04:55:01 +0000
Received: from XCH-ALN-010.cisco.com (xch-aln-010.cisco.com [173.36.7.20]) by alln-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id x2U4t0AQ009408 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Sat, 30 Mar 2019 04:55:01 GMT
Received: from xch-aln-010.cisco.com (173.36.7.20) by XCH-ALN-010.cisco.com (173.36.7.20) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 29 Mar 2019 23:55:00 -0500
Received: from xch-aln-010.cisco.com ([173.36.7.20]) by XCH-ALN-010.cisco.com ([173.36.7.20]) with mapi id 15.00.1473.003; Fri, 29 Mar 2019 23:55:00 -0500
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Russ Housley <housley@vigilsec.com>, Quynh Dang <quynh.dang@nist.gov>
CC: SPASM <spasm@ietf.org>, Daniel Van Geest <Daniel.VanGeest@isara.com>, "Jim Schaad" <ietf@augustcellars.com>, "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
Thread-Topic: [lamps] Side-channel attack on multi-level trees and key generation of LMS.
Thread-Index: AQHU49VX1NBa2FR6Ak6EyQShLt8fRaYeOWeAgAAMQACAABNAAIAABCUAgAAMzwCAATq3gIADHWwAgAAIcwCAADZ0AIAAlqDg
Date: Sat, 30 Mar 2019 04:55:00 +0000
Message-ID: <1f66a3f9e34f46c5a976b56cc70cceed@XCH-ALN-010.cisco.com>
References: <BN6PR14MB1106140408FFB08553DEAE98835F0@BN6PR14MB1106.namprd14.prod.outlook.com> <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com> <BN8PR09MB3604C9C7C8609430A58FD99EF35F0@BN8PR09MB3604.namprd09.prod.outlook.com> <afb437b0d9e14a8097947a25d8422286@XCH-RTP-006.cisco.com> <BN8PR09MB3604324EF9D5BF4E9061F1B4F35F0@BN8PR09MB3604.namprd09.prod.outlook.com> <048d01d4e3e6$625b4980$2711dc80$@augustcellars.com> <026b333ae64b45abb031a537366512df@XCH-RTP-006.cisco.com> <04c001d4e3ee$dc6a1b90$953e52b0$@augustcellars.com> <880932bf30944ec7a7883c99a42af9c3@XCH-RTP-006.cisco.com> <2783B663-BB48-48CA-B44C-1C269C9B2059@isara.com> <BN8PR09MB3604CDF09ED9CBAFE374A0AFF35A0@BN8PR09MB3604.namprd09.prod.outlook.com> <0967202E-7A00-4042-AB5F-210FAAE0792F@vigilsec.com>
In-Reply-To: <0967202E-7A00-4042-AB5F-210FAAE0792F@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.82.223.81]
Content-Type: multipart/alternative; boundary="_000_1f66a3f9e34f46c5a976b56cc70cceedXCHALN010ciscocom_"
MIME-Version: 1.0
X-Outbound-SMTP-Client: 173.36.7.20, xch-aln-010.cisco.com
X-Outbound-Node: alln-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/2ax3BaS61qGWpkloBVrprnzztHw>
Subject: Re: [lamps] Side-channel attack on multi-level trees and key generation of LMS.
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Mar 2019 04:55:07 -0000

Indeed there are protections against multilevel tree fault attacks. Single level trees are not the only solution. As stated in section 4 of the paper Quynh referenced, the protection is to cache the OTS of the layers so you can check against them if recomputing. That way someone could not inject a fault for the same message and private key and then use it to graft his own subtree. Something like that with an informative reference could be added in the Security Considerations.

Fault attacks against Lattice schemes and HBS had been brought up in the NIST PQ forum  too [1,2] where some countermeasures were discussed. Simple ideas like running the computation twice and comparing values were proposed there. [3] is a good reference of SW countermeasures.

[1] https://groups.google.com/a/list.nist.gov/forum/#!searchin/pqc-forum/%22fault$20attacks%22%7Csort:date/pqc-forum/c9CnPcx1eQc/74sVbH_3CAAJ
[2] https://groups.google.com/a/list.nist.gov/forum/#!searchin/pqc-forum/%22fault$20attacks%22%7Csort:date/pqc-forum/WjF2ZTUAJiA/zEEAjWSmBwAJ
[3] https://eprint.iacr.org/2017/1082.pdf

Rgs,
Panos



From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Friday, March 29, 2019 10:19 AM
To: Quynh Dang <quynh.dang@nist.gov>
Cc: SPASM <spasm@ietf.org>rg>; Daniel Van Geest <Daniel.VanGeest@isara.com>om>; Jim Schaad <ietf@augustcellars.com>om>; Scott Fluhrer (sfluhrer) <sfluhrer@cisco.com>
Subject: Re: [lamps] Side-channel attack on multi-level trees and key generation of LMS.

I do not agree that this fault-injection attack leads to a SHOULD for single-level trees.

Russ


On Mar 29, 2019, at 7:04 AM, Dang, Quynh (Fed) <quynh.dang@nist.gov<mailto:quynh.dang@nist.gov>> wrote:

Hi all,

I suggest to add that "When key generation time is not a problem for a single-level tree which provides the desired number of OTS private keys a user has, then the single-tree HBS is a preferred option over the alternative multi-level tree HBSs which provide the same (or close ) number as the desired number of the OTS private keys.

Multi-level tree HBSs are insecure under fault-injection attack, see "reference to the paper".  Therefore, single-level tree HBSs should be used."

Some text guidance for defenses against the attack is needed. I am not a right person to provide such text.

Regards,
Quynh.
________________________________
From: Daniel Van Geest <Daniel.VanGeest@isara.com<mailto:Daniel.VanGeest@isara.com>>
Sent: Friday, March 29, 2019 6:34:00 AM
To: Scott Fluhrer (sfluhrer); Jim Schaad; Dang, Quynh (Fed); 'SPASM'
Subject: Re: [lamps] Side-channel attack on multi-level trees and key generation of LMS.

This is an interesting discussion.  Is there anything anyone would like added to draft-vangeest-x509-hash-sigs as a result?  Also note that anything that could be added here would also apply to cms-hash-sigs since HSS supports multiple level trees.


Daniel


On 2019-03-27, 7:00 AM, "Spasm on behalf of Scott Fluhrer (sfluhrer)" <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org> on behalf of sfluhrer@cisco.com<mailto:sfluhrer@cisco.com>> wrote:




From: Jim Schaad <ietf@augustcellars.com<mailto:ietf@augustcellars.com>>
Sent: Tuesday, March 26, 2019 12:14 PM
To: Scott Fluhrer (sfluhrer) <sfluhrer@cisco.com<mailto:sfluhrer@cisco.com>>; 'Dang, Quynh (Fed)' <quynh.dang=40nist.gov@dmarc.ietf.org<mailto:quynh.dang=40nist.gov@dmarc.ietf.org>>; 'SPASM' <spasm@ietf.org<mailto:spasm@ietf.org>>
Subject: RE: [lamps] Side-channel attack on multi-level trees and key generation of LMS.


I understand that, but again there are some trade-offs of memory vs time.  All of the simple tree saving algorithms I have thought of can occasionally require the generation of a large portion of the tree depending on what boundaries one is crossing in the tree, this means that the signing time is not constant.  One can also make gains by doing some pre-computation of expected trees as one goes along.  When you have a tree of trees, one can get lots of speed up by saving the signature for all but the bottom most tree so that only that tree needs to have portions regenerated until you move to a new sub-tree.


Again, there are better algorithms known; as an example to the fractal method I gave a link to before, if we have a H=25 tree (circa 32 million leaf nodes), we can perform a walk by storing a maximum of 158 Merkle node values, and for each signature, performing 6 leaf public key recomputations per signature (not counting the OTS signature generation and a handful of hash computations while we combine Merkle nodes).  For this algorithm, it always has the current authentication path entirely in memory; the entire computation done is performing pre-computation so we’re set up for the next authentication path.
The BDS algorithm works even better if you have minimal storage for internal Merkle nodes; see https://www-old.cdc.informatik.tu-darmstadt.de/reports/reports/BDS08.pdf<https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww-old.cdc.informatik.tu-darmstadt.de%2Freports%2Freports%2FBDS08.pdf&data=02%7C01%7Cquynh.dang%40nist.gov%7Cf6277e7102074843afe408d6b4321776%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636894524568586678&sdata=cFt0M7zVFWiJbwQCZXbNEBC0ds1SK6zo2uglvXcviHY%3D&reserved=0>


All of these are space/time trade-offs and one needs to understand what the extremes are on both ends before one says that a huge single tree is better or worse than a lot of small trees, even if the number of levels that are created are the same.


Jim




From: Scott Fluhrer (sfluhrer) <sfluhrer@cisco.com<mailto:sfluhrer@cisco.com>>
Sent: Tuesday, March 26, 2019 4:28 PM
To: Jim Schaad <ietf@augustcellars.com<mailto:ietf@augustcellars.com>>; 'Dang, Quynh (Fed)' <quynh.dang=40nist.gov@dmarc.ietf.org<mailto:quynh.dang=40nist.gov@dmarc.ietf.org>>; 'SPASM' <spasm@ietf.org<mailto:spasm@ietf.org>>
Subject: RE: [lamps] Side-channel attack on multi-level trees and key generation of LMS.


Actually, there are algorithms that are able to generate the next authentication path by storing a comparatively small part of the tree, and using only a relatively small number of leaf node evaluations..  For example, http://www.szydlo.com/fractal-jmls.pdf<https://gcc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.szydlo.com%2Ffractal-jmls.pdf&data=02%7C01%7Cquynh.dang%40nist.gov%7Cf6277e7102074843afe408d6b4321776%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636894524568596697&sdata=krnCaCoGSCwG%2FXDYPPnijwnp6toouFB82F88Q20H158%3D&reserved=0>


From: Jim Schaad <ietf@augustcellars.com<mailto:ietf@augustcellars.com>>
Sent: Tuesday, March 26, 2019 11:13 AM
To: 'Dang, Quynh (Fed)' <quynh.dang=40nist.gov@dmarc.ietf.org<mailto:quynh.dang=40nist.gov@dmarc.ietf.org>>; Scott Fluhrer (sfluhrer) <sfluhrer@cisco.com<mailto:sfluhrer@cisco.com>>; 'SPASM' <spasm@ietf.org<mailto:spasm@ietf.org>>
Subject: RE: [lamps] Side-channel attack on multi-level trees and key generation of LMS.


There is one other factor to compare in terms of how big the tree is.  For a very large tree, if you do not have the resources to keep the entire private key set (or a large subset of it) then you get into the situation where you regenerate the entire private key tree for each and every signature.  This is part of the trade off between small key size and fast signature generation/usage of time.


Jim




From: Spasm <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org>> On Behalf Of Dang, Quynh (Fed)
Sent: Tuesday, March 26, 2019 3:04 PM
To: Scott Fluhrer (sfluhrer) <sfluhrer@cisco.com<mailto:sfluhrer@cisco.com>>; SPASM <spasm@ietf.org<mailto:spasm@ietf.org>>
Subject: Re: [lamps] Side-channel attack on multi-level trees and key generation of LMS.


The only downside of 1 level tree is its key generation time comparing to multi-level trees. In situations ( such as a code signing application) where 1, 2 or 3 etc... hours of a key generation time is not a problem, then using a big 1 level tree seems better than using a multi-level tree.

Therefore,  some bigger height numbers for 1-level tree may be desired.

Quynh.
________________________________
From: Scott Fluhrer (sfluhrer) <sfluhrer@cisco.com<mailto:sfluhrer@cisco.com>>
Sent: Tuesday, March 26, 2019 9:20:05 AM
To: Dang, Quynh (Fed); SPASM
Subject: RE: [lamps] Side-channel attack on multi-level trees and key generation of LMS.


Irom: Spasm <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org>> On Behalf Of Dang, Quynh (Fed)
Sent: Tuesday, March 26, 2019 9:11 AM
To: SPASM <spasm@ietf.org<mailto:spasm@ietf.org>>
Subject: [lamps] Side-channel attack on multi-level trees and key generation of LMS.


Hi all,

Here is the attack I mentioned at the meeting today: https://eprint.iacr.org/2018/674/20180713:140821<https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Feprint.iacr.org%2F2018%2F674%2F20180713%3A140821&data=02%7C01%7Cquynh.dang%40nist.gov%7Cf6277e7102074843afe408d6b4321776%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636894524568596697&sdata=xsTRh1kObIT8W%2Bt8EWUSRZdEjIC9mDwWiJbdCRK5Zbk%3D&reserved=0>amp;reserved=0>.

This is a fault attack (that is, you try to make the signer miscompute something, and then use the miscomputed signature); a signer implementation could implement protections against this (of course, those protections are not free).

I just looked at the LMS's draft, the single tree with height 25 ( 2^25 signatures)  takes only 1..5 hours.

Clarification on this:
•         The test used 15 cores (and so it used a total of circa 1 core-day)
•         This was done with a W=8 parameter set.  This makes the signature shorter (1936 bytes in this case), however it does increase the key generation time; a W=4 parameter set would approximately double the signature size, while decreasing the key generation time by circa a factor of 8.


Regards,
Quynh.






_______________________________________________
Spasm mailing list
Spasm@ietf.org<mailto:Spasm@ietf.org>
https://www.ietf.org/mailman/listinfo/spasm