{"id":"https://openalex.org/W3110821325","doi":"https://doi.org/10.1515/jmc-2020-0079","title":"One Bit is All It Takes: A Devastating Timing Attack on BLISS\u2019s Non-Constant Time Sign Flips","display_name":"One Bit is All It Takes: A Devastating Timing Attack on BLISS\u2019s Non-Constant Time Sign Flips","publication_year":2020,"publication_date":"2020-11-17","ids":{"openalex":"https://openalex.org/W3110821325","doi":"https://doi.org/10.1515/jmc-2020-0079","mag":"3110821325"},"language":"en","primary_location":{"is_oa":true,"landing_page_url":"https://doi.org/10.1515/jmc-2020-0079","pdf_url":"https://www.degruyter.com/document/doi/10.1515/jmc-2020-0079/pdf","source":{"id":"https://openalex.org/S100611479","display_name":"Journal of Mathematical Cryptology","issn_l":"1862-2976","issn":["1862-2976","1862-2984"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310313990","host_organization_name":"De Gruyter","host_organization_lineage":["https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true},"type":"article","type_crossref":"journal-article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.degruyter.com/document/doi/10.1515/jmc-2020-0079/pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5025296319","display_name":"Alexandre Wallet","orcid":null},"institutions":[{"id":"https://openalex.org/I2251713219","display_name":"NTT (Japan)","ror":"https://ror.org/00berct97","country_code":"JP","type":"company","lineage":["https://openalex.org/I2251713219"]},{"id":"https://openalex.org/I4210133778","display_name":"Inria Rennes - Bretagne Atlantique Research 
Centre","ror":"https://ror.org/04040yw90","country_code":"FR","type":"government","lineage":["https://openalex.org/I1326498283","https://openalex.org/I4210133778"]}],"countries":["FR","JP"],"is_corresponding":false,"raw_author_name":"Alexandre Wallet","raw_affiliation_strings":["Inria Rennes \u2013 Bretagne Atlantique (Campus de beaulieu\r\n35042 Rennes cedex - France)","NTT Secure Platform Laboratories [Tokyo] (Tokyo - Japan)"],"affiliations":[{"raw_affiliation_string":"NTT Secure Platform Laboratories [Tokyo] (Tokyo - Japan)","institution_ids":["https://openalex.org/I2251713219"]},{"raw_affiliation_string":"Inria Rennes \u2013 Bretagne Atlantique (Campus de beaulieu\r\n35042 Rennes cedex - France)","institution_ids":["https://openalex.org/I4210133778"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5108278240","display_name":"Mehdi Tibouchi","orcid":null},"institutions":[{"id":"https://openalex.org/I2251713219","display_name":"NTT (Japan)","ror":"https://ror.org/00berct97","country_code":"JP","type":"company","lineage":["https://openalex.org/I2251713219"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Mehdi Tibouchi","raw_affiliation_strings":["NTT Secure Platform Laboratories [Tokyo] (Tokyo - Japan)"],"affiliations":[{"raw_affiliation_string":"NTT Secure Platform Laboratories [Tokyo] (Tokyo - 
Japan)","institution_ids":["https://openalex.org/I2251713219"]}]}],"institution_assertions":[],"countries_distinct_count":2,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1000,"currency":"EUR","value_usd":1078,"provenance":"doaj"},"apc_paid":{"value":1000,"currency":"EUR","value_usd":1078,"provenance":"doaj"},"fwci":1.308,"has_fulltext":true,"fulltext_origin":"pdf","cited_by_count":12,"citation_normalized_percentile":{"value":0.999972,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":88,"max":89},"biblio":{"volume":"15","issue":"1","first_page":"131","last_page":"142"},"is_retracted":false,"is_paratext":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9995,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9991,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and 
Security","score":0.9954,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/bliss","display_name":"BLISS","score":0.8406386},{"id":"https://openalex.org/keywords/timing-attack","display_name":"Timing attack","score":0.834673},{"id":"https://openalex.org/keywords/constant","display_name":"Constant (computer programming)","score":0.42292565}],"concepts":[{"id":"https://openalex.org/C2780658912","wikidata":"https://www.wikidata.org/wiki/Q2877155","display_name":"BLISS","level":2,"score":0.8406386},{"id":"https://openalex.org/C28420585","wikidata":"https://www.wikidata.org/wiki/Q2665075","display_name":"Timing attack","level":4,"score":0.834673},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.687337},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6651158},{"id":"https://openalex.org/C139676723","wikidata":"https://www.wikidata.org/wiki/Q1193832","display_name":"Sign (mathematics)","level":2,"score":0.60324156},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.53290087},{"id":"https://openalex.org/C2777027219","wikidata":"https://www.wikidata.org/wiki/Q1284190","display_name":"Constant (computer 
programming)","level":2,"score":0.42292565},{"id":"https://openalex.org/C115537543","wikidata":"https://www.wikidata.org/wiki/Q165596","display_name":"Cache","level":2,"score":0.41797036},{"id":"https://openalex.org/C45374587","wikidata":"https://www.wikidata.org/wiki/Q12525525","display_name":"Computation","level":2,"score":0.41491574},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.38754705},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.30941647},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.25663838},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.21162346},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":5,"locations":[{"is_oa":true,"landing_page_url":"https://doi.org/10.1515/jmc-2020-0079","pdf_url":"https://www.degruyter.com/document/doi/10.1515/jmc-2020-0079/pdf","source":{"id":"https://openalex.org/S100611479","display_name":"Journal of Mathematical Cryptology","issn_l":"1862-2976","issn":["1862-2976","1862-2984"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310313990","host_organization_name":"De Gruyter","host_organization_lineage":["https://openalex.org/P4310313990"],"host_organization_lineage_names":["De 
Gruyter"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true},{"is_oa":true,"landing_page_url":"https://hal.archives-ouvertes.fr/hal-03551624","pdf_url":"https://hal.science/hal-03551624/document","source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":["Centre National de la Recherche Scientifique"],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false},{"is_oa":false,"landing_page_url":"https://doaj.org/article/ef17ce7580d4448895cab0c3297a9527","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false},{"is_oa":true,"landing_page_url":"https://hal.archives-ouvertes.fr/hal-03551624/file/draft.pdf","pdf_url":"https://hal.archives-ouvertes.fr/hal-03551624/file/draft.pdf","source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche 
Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":["Centre National de la Recherche Scientifique"],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false},{"is_oa":true,"landing_page_url":"https://hal.archives-ouvertes.fr/hal-03551624/document","pdf_url":"https://hal.archives-ouvertes.fr/hal-03551624/document","source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":["Centre National de la Recherche Scientifique"],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false}],"best_oa_location":{"is_oa":true,"landing_page_url":"https://doi.org/10.1515/jmc-2020-0079","pdf_url":"https://www.degruyter.com/document/doi/10.1515/jmc-2020-0079/pdf","source":{"id":"https://openalex.org/S100611479","display_name":"Journal of Mathematical Cryptology","issn_l":"1862-2976","issn":["1862-2976","1862-2984"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310313990","host_organization_name":"De Gruyter","host_organization_lineage":["https://openalex.org/P4310313990"],"host_organization_lineage_names":["De 
Gruyter"],"type":"journal"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true},"sustainable_development_goals":[],"grants":[],"datasets":[],"versions":[],"referenced_works_count":7,"referenced_works":["https://openalex.org/W2122759946","https://openalex.org/W2412886904","https://openalex.org/W2765255210","https://openalex.org/W2765784230","https://openalex.org/W2898218073","https://openalex.org/W2900370870","https://openalex.org/W2989065323"],"related_works":["https://openalex.org/W4387031668","https://openalex.org/W3180573957","https://openalex.org/W3131321414","https://openalex.org/W3006344745","https://openalex.org/W2887442533","https://openalex.org/W2188560665","https://openalex.org/W2162805750","https://openalex.org/W2103519941","https://openalex.org/W1971956962","https://openalex.org/W182679101"],"abstract_inverted_index":{"Abstract":[0],"As":[1],"one":[2,11],"of":[3,12,27,39,43,50,53,99,140,146,171,183,191],"the":[4,13,28,96,120,169,184,189,192],"most":[5],"efficient":[6],"lattice-based":[7],"signature":[8,92],"schemes,":[9],"and":[10,47,94],"only":[14],"ones":[15],"to":[16,118,188],"have":[17,57],"seen":[18,176],"deployment":[19],"beyond":[20],"an":[21,68],"academic":[22],"setting":[23],"(e.g.,":[24],"as":[25,177],"part":[26],"VPN":[29],"software":[30],"suite":[31],"strongSwan),":[32],"BLISS":[33,80,100],"has":[34],"attracted":[35],"a":[36,87,143,153,164,178],"significant":[37],"amount":[38],"attention":[40],"in":[41,60,111,149],"terms":[42],"its":[44,54],"implementation":[45,98],"security,":[46],"side-channel":[48,124],"vulnerabilities":[49],"several":[51],"parts":[52],"signing":[55],"algorithm":[56],"been":[58],"identified":[59],"previous":[61],"works.":[62],"In":[63],"this":[64,105,137],"paper,":[65],"we":[66],"present":[67],"even":[69],"simpler":[70],"timing":[71],"attack":[72,185],"against":[73],"it.":[74],"The":[75,158,181],"bimodal":[76],"Gaussian":[77],
"distribution":[78],"that":[79,104,135],"is":[81,84,108,115,148,160],"named":[82],"after":[83],"achieved":[85],"using":[86,163],"random":[88],"sign":[89,106,122],"flip":[90,107],"during":[91],"generation,":[93],"neither":[95],"original":[97],"nor":[101],"strongSwan":[102],"ensure":[103],"carried":[109,161],"out":[110,162],"constant":[112],"time.":[113],"It":[114],"therefore":[116],"possible":[117],"recover":[119],"corresponding":[121],"through":[123],"leakage":[125,141],"(using,":[126],"e.g.,":[127],"cache":[128],"attacks":[129],"or":[130],"branch":[131],"tracing).":[132],"We":[133],"show":[134],"obtaining":[136],"single":[138],"bit":[139],"(for":[142],"moderate":[144],"number":[145],"signatures)":[147],"fact":[150],"sufficient":[151],"for":[152],"full":[154],"key":[155],"recovery":[156,159],"attack.":[157],"maximum":[165],"likelihood":[166],"estimation":[167],"on":[168],"space":[170],"parameters,":[172],"which":[173],"can":[174],"be":[175],"statistical":[179],"manifold.":[180],"analysis":[182],"thus":[186],"reduces":[187],"computation":[190],"Fisher":[193],"information":[194],"metric.":[195]},"cited_by_api_url":"https://api.openalex.org/works?filter=cites:W3110821325","counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":3}],"updated_date":"2025-01-03T09:57:03.097650","created_date":"2020-12-21"}