US 12,388,616 B2
Fault detection of differential fault attack in lattice based cryptography
Markus Schoenauer, Vienna (AT); Melissa Azouaoui, Norderstedt (DE); Olivier Bronchain, Auderghem (BE); Tobias Schneider, Graz (AT); and Christine van Vredendaal, Veldhoven (NL)
Assigned to NXP B.V., Eindhoven (NL)
Filed by NXP B.V.
Filed on Feb. 15, 2023, as Appl. No. 18/169,467.
Prior Publication US 2024/0275576 A1, Aug. 15, 2024
Int. Cl. H04L 9/00 (2022.01); H04L 9/30 (2006.01); H04L 9/32 (2006.01)
CPC H04L 9/004 (2013.01) [H04L 9/3093 (2013.01); H04L 9/3247 (2013.01)] 16 Claims
OG exemplary drawing
 
1. A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for a fault detection in a digital signature algorithm in a processor, the instructions, comprising:
computing vector z based on a secret nonce vector y, a first secret key vector s_(1), and a challenge polynomial c, wherein each of the vector z, the secret nonce vector y, and the first secret key vector s_1 includes a number of polynomials l having a number coefficients n, wherein the challenge polynomial c has the number of coefficients n, and wherein the number of polynomials l and the number of coefficients n are integers;
computing a difference value between all of the n coefficients of the l polynomials in the vector z;
computing a number of how many of the computed difference values are outside a specified value range;
computing a digital signature for an input message; and
rejecting the digital signature when the computed number is greater than a threshold value.