Improved Fault Analysis of Signature Schemes
- Cite this paper as:
- Giraud C., Knudsen E.W., Tunstall M. (2010) Improved Fault Analysis of Signature Schemes. In: Gollmann D., Lanet JL., Iguchi-Cartigny J. (eds) Smart Card Research and Advanced Application. CARDIS 2010. Lecture Notes in Computer Science, vol 6035. Springer, Berlin, Heidelberg
At ACISP 2004, Giraud and Knudsen presented the first fault analysis of DSA, ECDSA, XTR-DSA, Schnorr and ElGamal signatures schemes that considered faults affecting one byte. They showed that 2304 faulty signatures would be expected to reduce the number of possible keys to 240, allowing a 160-bit private key to be recovered. In this paper we show that Giraud and Knudsen’s fault attack is much more efficient than originally claimed. We prove that 34.3% less faulty signatures are required to recover a private key using the same fault model. We also show that their original way of expressing the fault model under a system of equations can be improved. A more precise expression allows us to obtain another improvement of up to 47.1%, depending on the values of the key byte affected.