Improved Fault Analysis of Signature Schemes

  • Christophe Giraud
  • Erik W. Knudsen
  • Michael Tunstall
Conference paper

DOI: 10.1007/978-3-642-12510-2_12

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6035)
Cite this paper as:
Giraud C., Knudsen E.W., Tunstall M. (2010) Improved Fault Analysis of Signature Schemes. In: Gollmann D., Lanet JL., Iguchi-Cartigny J. (eds) Smart Card Research and Advanced Application. CARDIS 2010. Lecture Notes in Computer Science, vol 6035. Springer, Berlin, Heidelberg


At ACISP 2004, Giraud and Knudsen presented the first fault analysis of DSA, ECDSA, XTR-DSA, Schnorr and ElGamal signatures schemes that considered faults affecting one byte. They showed that 2304 faulty signatures would be expected to reduce the number of possible keys to 240, allowing a 160-bit private key to be recovered. In this paper we show that Giraud and Knudsen’s fault attack is much more efficient than originally claimed. We prove that 34.3% less faulty signatures are required to recover a private key using the same fault model. We also show that their original way of expressing the fault model under a system of equations can be improved. A more precise expression allows us to obtain another improvement of up to 47.1%, depending on the values of the key byte affected.


Fault analysis Signature schemes Smart card 
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Christophe Giraud
    • 1
  • Erik W. Knudsen
    • 2
  • Michael Tunstall
    • 3
  1. 1.Oberthur TechnologiesPessacFrance
  2. 2.Alm. BrandKøbenhavn ØDenmark
  3. 3.Department of Computer ScienceUniversity of BristolBristolUnited Kingdom

Personalised recommendations