Fault Attacks on Signature Schemes

In 1996, Bao, Deng, Han, Jeng, Narasimhalu and Ngair presented bit-fault attacks on some signature schemes, such as the DSA, ElGamal and Schnorr signature schemes. Unfortunately, their fault model is still very difficult to apply in practice today. In this paper we extend Bao et al.'s attacks on the DSA, ElGamal and Schnorr signature schemes by using a byte-fault model, which is easier to put into practice. We also present byte-fault attacks on two other signature schemes: ECDSA and XTR-DSA. All these fault attacks are based on a common principle which allows us to obtain a 160-bit secret key by using 2300 faulty signatures on average.
