{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T00:31:26Z","timestamp":1764981086996,"version":"3.46.0"},"reference-count":11,"publisher":"Walter de Gruyter GmbH","issue":"1","license":[{"start":{"date-parts":[[2020,11,17]],"date-time":"2020-11-17T00:00:00Z","timestamp":1605571200000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,11,17]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>As one of the most efficient lattice-based signature schemes, and one of the only ones to have seen deployment beyond an academic setting (e.g., as part of the VPN software suite strongSwan), BLISS has attracted a significant amount of attention in terms of its implementation security, and side-channel vulnerabilities of several parts of its signing algorithm have been identified in previous works. In this paper, we present an even simpler timing attack against it. The bimodal Gaussian distribution that BLISS is named after is achieved using a random sign flip during signature generation, and neither the original implementation of BLISS nor strongSwan ensure that this sign flip is carried out in constant time. It is therefore possible to recover the corresponding sign through side-channel leakage (using, e.g., cache attacks or branch tracing). We show that obtaining this single bit of leakage (for a moderate number of signatures) is in fact sufficient for a full key recovery attack. The recovery is carried out using a maximum likelihood estimation on the space of parameters, which can be seen as a statistical manifold. The analysis of the attack thus reduces to the computation of the Fisher information metric.<\/jats:p>","DOI":"10.1515\/jmc-2020-0079","type":"journal-article","created":{"date-parts":[[2020,11,30]],"date-time":"2020-11-30T15:54:44Z","timestamp":1606751684000},"page":"131-142","source":"Crossref","is-referenced-by-count":10,"title":["One Bit is All It Takes: A Devastating Timing Attack on BLISS\u2019s Non-Constant Time Sign Flips"],"prefix":"10.1515","volume":"15","author":[{"given":"Mehdi","family":"Tibouchi","sequence":"first","affiliation":[{"name":"3\u20139\u201311 Midori-cho, Musashino-shi , Tokyo , Japan"}]},{"given":"Alexandre","family":"Wallet","sequence":"additional","affiliation":[{"name":"3\u20139\u201311 Midori-cho, Musashino-shi , Tokyo , Japan"}]}],"member":"374","published-online":{"date-parts":[[2020,11,17]]},"reference":[{"key":"2025120600293860253_j_jmc-2020-0079_ref_001","unstructured":"Nihat Ay, J\u00fcrgen Jost, H\u00f4ng V\u00e2n L\u00ea and Lorenz Schwachh\u00f6fer, Information Geometry, Springer, 2017."},{"key":"2025120600293860253_j_jmc-2020-0079_ref_002","doi-asserted-by":"crossref","unstructured":"Gilles Barthe, Sonia Bela\u00efd, Thomas Espitau, Pierre-Alain Fouque, M\u00e9lissa Rossi and Mehdi Tibouchi, GALACTICS: Gaussian Sampling for Lattice-Based Constant- Time Implementation of Cryptographic Signatures, Revisited, in: ACM CCS 2019 (Lorenzo Cavallaro, Johannes Kinder, XiaoFeng Wang and Jonathan Katz, eds.), pp. 2147\u20132164, ACM Press, November 2019.","DOI":"10.1145\/3319535.3363223"},{"key":"2025120600293860253_j_jmc-2020-0079_ref_003","doi-asserted-by":"crossref","unstructured":"Jonathan Bootle, Claire Delaplace, Thomas Espitau, Pierre-Alain Fouque and Mehdi Tibouchi, LWE Without Modular Reduction and Improved Side-Channel Attacks Against BLISS, in: ASIACRYPT 2018, Part I (Thomas Peyrin and Steven Galbraith, eds.), LNCS 11272, pp. 494\u2013524, Springer, Heidelberg, December 2018.","DOI":"10.1007\/978-3-030-03326-2_17"},{"key":"2025120600293860253_j_jmc-2020-0079_ref_004","doi-asserted-by":"crossref","unstructured":"Leon Groot Bruinderink, Andreas H\u00fclsing, Tanja Lange and Yuval Yarom, Flush, Gauss, and Reload - A Cache Attack on the BLISS Lattice-Based Signature Scheme, in: CHES 2016 (Benedikt Gierlichs and Axel Y. Poschmann, eds.), LNCS 9813, pp. 323\u2013345, Springer, Heidelberg, August 2016.","DOI":"10.1007\/978-3-662-53140-2_16"},{"key":"2025120600293860253_j_jmc-2020-0079_ref_005","doi-asserted-by":"crossref","unstructured":"L\u00e9o Ducas, Alain Durmus, Tancr\u00e8de Lepoint and Vadim Lyubashevsky, Lattice Signatures and Bimodal Gaussians, in: CRYPTO 2013, Part I (Ran Canetti and Juan A. Garay, eds.), LNCS 8042, pp. 40\u201356, Springer, Heidelberg, August 2013.","DOI":"10.1007\/978-3-642-40041-4_3"},{"key":"2025120600293860253_j_jmc-2020-0079_ref_006","unstructured":"L\u00e9o Ducas and Tancr\u00e8de Lepoint, BLISS: Bimodal Lattice Signature Schemes, June 2013, http:\/\/bliss.di.ens.fr\/bliss-06-13-2013.zip (proof-of-concept implementation)."},{"key":"2025120600293860253_j_jmc-2020-0079_ref_007","doi-asserted-by":"crossref","unstructured":"Thomas Espitau, Pierre-Alain Fouque, Beno\u00eet G\u00e9rard and Mehdi Tibouchi, Side-Channel Attacks on BLISS Lattice-Based Signatures: Exploiting Branch Tracing against strongSwan and Electromagnetic Emanations in Microcontrollers, in: ACM CCS 2017 (Bhavani M. Thuraisingham, David Evans, Tal Malkin and Dongyan Xu, eds.), pp. 1857\u20131874, ACM Press, October \/ November 2017.","DOI":"10.1145\/3133956.3134028"},{"key":"2025120600293860253_j_jmc-2020-0079_ref_008","unstructured":"Robert V. Hogg, Joseph W. McKean and Allen T. Craig, Introduction to Mathematical Statistics (8th edition), Pearson, 2018."},{"key":"2025120600293860253_j_jmc-2020-0079_ref_009","unstructured":"Erich L. Lehmann and George Casella, Theory of Point Estimation, Springer, 1998."},{"key":"2025120600293860253_j_jmc-2020-0079_ref_010","doi-asserted-by":"crossref","unstructured":"Peter Pessl, Leon Groot Bruinderink and Yuval Yarom, To BLISS-B or not to be: Attacking strongSwan\u2019s Implementation of Post-Quantum Signatures, in: ACM CCS 2017 (Bhavani M. Thuraisingham, David Evans, Tal Malkin and Dongyan Xu, eds.), pp. 1843\u20131855, ACM Press, October \/ November 2017.","DOI":"10.1145\/3133956.3134023"},{"key":"2025120600293860253_j_jmc-2020-0079_ref_011","unstructured":"Andreas Steffen et al., strongSwan: the Open Source IPsec-based VPN Solution (version 5.5.2), March 2017."}],"container-title":["Journal of Mathematical Cryptology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.degruyter.com\/view\/journals\/jmc\/15\/1\/article-p131.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jmc-2020-0079\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jmc-2020-0079\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T00:29:50Z","timestamp":1764980990000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.degruyterbrill.com\/document\/doi\/10.1515\/jmc-2020-0079\/html"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,17]]},"references-count":11,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2020,11,17]]},"published-print":{"date-parts":[[2020,11,17]]}},"alternative-id":["10.1515\/jmc-2020-0079"],"URL":"https:\/\/doi.org\/10.1515\/jmc-2020-0079","relation":{},"ISSN":["1862-2984"],"issn-type":[{"type":"electronic","value":"1862-2984"}],"subject":[],"published":{"date-parts":[[2020,11,17]]}}}