Practical Lattice-Based Fault Attack and Countermeasure on SM2 Signature Algorithm

We present a practical lattice-based fault attack against the SM2 signature algorithm running on a smart card. To our knowledge, this is the first time the lattice attack presented at SAC 2013 has been combined with a fault attack against SM2 in practice. We use laser fault injection to skip the instructions that write the nonce into RAM, so that the nonces of successive signatures share some of their bits. We then build the lattice-attack model and recover the private key. The experimental results show that only 3 faulty signatures are needed to mount the lattice attack successfully, in about 32 μs. Moreover, we propose a new countermeasure for the SM2 signature algorithm that resists lattice-based fault attacks by destroying the condition the lattice attack relies on rather than by preventing the fault itself. We prove that the countermeasure resists the lattice attack even if some information about the nonces is leaked.
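The attack works because the SM2 signature equation ties the nonce k linearly to the private key d: s = (1 + d)^-1 (k - r d) mod n rearranges to k = s + (r + s) d mod n, so when the nonces of several signatures share a block of bits the attacker gets linear relations in d that a lattice can solve. The following example is added here and is not code from the paper or from any SM2 implementation; it shows the equation from the defender's side as a lab check that a device under fault-injection testing can be given: with the test key d known, every nonce is recovered exactly from its signature, and the batch is flagged if all recovered nonces agree on a long block of bit positions, which is exactly the condition the paper's countermeasure aims to destroy. The curve point multiplication is not modelled: r is drawn at random (an assumption labelled in the code, harmless here since the equation holds for any r), the group order N is the public constant of the SM2 recommended curve, and the 32-bit threshold is a constructed choice.

```python
import secrets

# Group order n of the SM2 recommended curve (GB/T 32918); a public constant.
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
NBITS = 256


def sm2_s(d, k, r, n=N):
    """Second SM2 signature component: s = (1 + d)^-1 * (k - r*d) mod n."""
    return (pow(1 + d, -1, n) * (k - r * d)) % n


def recover_nonce(d, r, s, n=N):
    """Invert the signature equation with the (test) key d: k = s + (r + s)*d mod n."""
    return (s + (r + s) * d) % n


def longest_shared_run(nonces, bits=NBITS):
    """Longest run of consecutive bit positions on which every nonce agrees.

    For independent random nonces such runs stay short; a skipped RAM write
    leaves a whole block of stale bits identical across signatures."""
    best = cur = 0
    for i in range(bits):
        bit = (nonces[0] >> i) & 1
        if all(((k >> i) & 1) == bit for k in nonces):
            cur += 1
            best = max(best, cur)
        else:
            cur = 0
    return best


def check_nonce_independence(d, sigs, threshold=32):
    """Recover the nonces of a batch of (r, s) pairs signed under the known
    test key d and flag the batch if a block of at least `threshold` bit
    positions is shared by all of them. Returns (run_length, flagged)."""
    nonces = [recover_nonce(d, r, s) for r, s in sigs]
    run = longest_shared_run(nonces)
    return run, run >= threshold


def simulate_batch(d, count, stale_low_bits=0):
    """Constructed signatures for the check above (assumption: r is drawn at
    random instead of being derived from the x-coordinate of k*G). When
    stale_low_bits > 0, the low bits of every nonce keep the same stale value,
    modelling a skipped write of those bytes."""
    stale = secrets.randbelow(1 << stale_low_bits) if stale_low_bits else 0
    sigs = []
    for _ in range(count):
        k = secrets.randbelow(N - 1) + 1
        if stale_low_bits:
            k = ((k >> stale_low_bits) << stale_low_bits) | stale
        r = secrets.randbelow(N - 1) + 1
        sigs.append((r, sm2_s(d, k, r)))
    return sigs


if __name__ == "__main__":
    test_key = secrets.randbelow(N - 2) + 1
    healthy = check_nonce_independence(test_key, simulate_batch(test_key, 3))
    faulted = check_nonce_independence(test_key, simulate_batch(test_key, 3, stale_low_bits=64))
    print("healthy batch: shared run =", healthy[0], "flagged =", healthy[1])
    print("faulted batch: shared run =", faulted[0], "flagged =", faulted[1])
```

The check is only usable where d is known, i.e. on a test key in the lab; it does not (and cannot) detect shared nonce bits from signatures alone. Three signatures suffice for the check just as they do for the attack, which is why a batch this small under fault injection is a reasonable acceptance test for a countermeasure that claims to keep the nonces independent.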
