-
Chapter and Conference Paper
“Oops, I Did It Again” – Security of One-Time Signatures Under Two-Message Attacks
One-time signatures (OTS) are called one-time, because the accompanying security reductions only guarantee security under single-message attacks. However, this does not imply that efficient attacks are possibl...
-
Chapter and Conference Paper
Post-quantum Security of the Sponge Construction
We investigate the post-quantum security of hash functions based on the sponge construction. A crucial property for hash functions in the post-quantum setting is the collapsing property (a strengthening of col...
-
Chapter and Conference Paper
HILA5 Pindakaas: On the CCA Security of Lattice-Based Encryption with Error Correction
We show that the NISTPQC submission HILA5 is not secure against chosen-ciphertext attacks. Specifically, we demonstrate a key-recovery attack on HILA5 using an active attack on reused keys. The attack works ar...
-
Chapter and Conference Paper
Sliding Right into Disaster: Left-to-Right Sliding Windows Leak
It is well known that constant-time implementations of modular exponentiation cannot use sliding windows. However, software libraries such as Libgcrypt, used by GnuPG, continue to use sliding windows. It is wi...
-
Chapter and Conference Paper
Flush, Gauss, and Reload – A Cache Attack on the BLISS Lattice-Based Signature Scheme
We present the first side-channel attack on a lattice-based signature scheme, using the Flush+Reload cache-attack. The attack is targeted at the discrete Gaussian sampler, an important step in the Bimodal Lattice...