sphincs / parallel-sphincsplus

This repository contains another implementation of the Sphincs+ postquantum signature system
Creative Commons Zero v1.0 Universal

Could we implement fault tolerance? #5

Closed sfluhrer closed 3 years ago

sfluhrer commented 3 years ago

One thing about Sphincs+ is that it is sensitive to fault attacks; if an intermediate Merkle tree is miscomputed, the next-higher tree will sign the wrong message (leading to a two-time use of a one-time signature).

To address this, one possibility would be to allow an option to compute each non-top Merkle tree and each FORS tree twice, and see if the roots are the same value. This will obviously take about twice as long.

Ideally, we'd want to ensure that the redundant computations happen on different cores (however, without tweaking thread affinities, we can't ensure that); on the other hand, if the redundant computations are in adjacent tasks (as inserted onto the queue), that'd mostly happen anyways.
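The double-computation check sketched above, as an added example that is not code from this repository or its fault branch: a toy Python model in which plain SHA-256 stands in for the SPHINCS+ tweakable hash, a `fault` hook corrupts one intermediate node of a single run, and a `OneTimeKeyLedger` records what each one-time key index of the next-higher tree has signed so that the two-time use is visible. The leaf values, the fault hook, the ledger and all function names are constructs of this example.

```python
import hashlib


class FaultDetected(Exception):
    """Raised when the two redundant tree computations disagree."""


def H(*parts: bytes) -> bytes:
    # Toy stand-in for the SPHINCS+ tweakable hash; plain SHA-256 suffices here.
    return hashlib.sha256(b"".join(parts)).digest()


def merkle_root(leaves, fault=None):
    """Root of a binary hash tree over `leaves` (length a power of two).

    `fault`, if given, is (level, index): after the node at that position is
    computed (level 1 = parents of the leaves), its first byte is flipped to
    mimic a glitch in that one computation. Real code has no such hook; it is
    here only to show what the redundancy catches (assumption of this example).
    """
    n = len(leaves)
    if n == 0 or n & (n - 1):
        raise ValueError("number of leaves must be a power of two")
    nodes = list(leaves)
    level = 0
    while len(nodes) > 1:
        level += 1
        parents = []
        for i in range(0, len(nodes), 2):
            node = H(nodes[i], nodes[i + 1])
            if fault == (level, i // 2):
                node = bytes([node[0] ^ 0x01]) + node[1:]
            parents.append(node)
        nodes = parents
    return nodes[0]


def redundant_root(leaves, faults=(None, None)):
    """Compute the tree twice and accept the root only if both runs agree.

    Each run gets its own optional fault so the demo can model independent
    glitches (the situation when the runs land on different cores). A fault
    that hits both runs identically is NOT caught; that is the scheme's limit.
    """
    first = merkle_root(leaves, faults[0])
    second = merkle_root(leaves, faults[1])
    if first != second:
        raise FaultDetected("redundant tree computations disagree; refusing to sign")
    return first


class OneTimeKeyLedger:
    """Tracks what each one-time (WOTS-style) key index of the next-higher
    tree has signed. Signing two different messages with one index is the
    two-time use that a miscomputed lower tree causes."""

    def __init__(self):
        self.signed = {}

    def sign(self, key_index, message):
        previous = self.signed.setdefault(key_index, message)
        if previous != message:
            raise RuntimeError(f"one-time key {key_index} reused on a second message")
        return H(key_index.to_bytes(4, "big"), message)  # toy signature value


# Constructed sample leaves (not from the project): 8 distinct leaf hashes.
LEAVES = [H(b"leaf", bytes([i])) for i in range(8)]


def unprotected_scenario():
    """Sign the subtree root with key 0 once correctly, then again after a
    glitched recomputation of the same subtree. Returns True if the ledger
    sees the one-time key reused on two different values."""
    ledger = OneTimeKeyLedger()
    ledger.sign(0, merkle_root(LEAVES))
    try:
        ledger.sign(0, merkle_root(LEAVES, fault=(2, 1)))
        return False
    except RuntimeError:
        return True


def protected_scenario(faults):
    """Same key index, but the root comes from redundant_root. Returns 'signed',
    or 'refused' when the disagreement was caught before the key was used."""
    ledger = OneTimeKeyLedger()
    try:
        ledger.sign(0, redundant_root(LEAVES, faults))
        return "signed"
    except FaultDetected:
        return "refused"


if __name__ == "__main__":
    print("unprotected, glitch causes key reuse:", unprotected_scenario())
    print("protected, glitch in one run:", protected_scenario(((2, 1), None)))
    print("protected, same glitch in both runs:", protected_scenario(((2, 1), (2, 1))))
```

The last case in the usage is the caveat behind wanting the two runs on separate cores: a deterministic fault that strikes both computations the same way produces two identical wrong roots, the comparison passes, and the one-time key signs the wrong value anyway. The check buys detection of independent glitches at roughly double the hashing cost, nothing more.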

sfluhrer commented 3 years ago

Added this protection in the fault branch