Advances in Cryptology – ASIACRYPT 2009

Volume 5912 of the series Lecture Notes in Computer Science pp 653-666

PSS Is Secure against Random Fault Attacks

  • Jean-Sébastien CoronAffiliated withLancaster UniversityUniversity of Luxembourg
  • , Avradip MandalAffiliated withLancaster UniversityUniversity of Luxembourg


A fault attack consists in inducing hardware malfunctions in order to recover secrets from electronic devices. One of the most famous fault attack is Bellcore’s attack against RSA with CRT; it consists in inducing a fault modulo p but not modulo q at signature generation step; then by taking a gcd the attacker can recover the factorization of N = pq. The Bellcore attack applies to any encoding function that is deterministic, for example FDH. Recently, the attack was extended to randomized encodings based on the iso/iec 9796-2 signature standard. Extending the attack to other randomized encodings remains an open problem.

In this paper, we show that the Bellcore attack cannot be applied to the PSS encoding; namely we show that PSS is provably secure against random fault attacks in the random oracle model, assuming that inverting RSA is hard.


Probabilistic Signature Scheme Provable Security Fault Attacks Bellcore Attack