Skip to main content
SpringerLink
Log in

Differential Attacks on Deterministic Signatures

  • Conference paper
  • First Online:
Topics in Cryptology – CT-RSA 2018 (CT-RSA 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10808))

Included in the following conference series:

Abstract

Deterministic signature schemes are becoming more popular, as illustrated by the deterministic variant of ECDSA and the popular EdDSA scheme, since eliminating the need for high-quality randomness might have some advantages in certain use-cases. In this paper we outline a range of differential fault attacks and a differential power analysis attack against such deterministic schemes. This shows, contrary to some earlier works, that such signature schemes are not naturally protected against such advanced attacks. We discuss different countermeasures and propose to include entropy for low-cost protection against these attacks in scenarios where these attack vectors are a real threat: this does not require to change the key generation or the verification methods and results in a signature scheme which offers high performance and security for a wide range of use-cases.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    See for example the “Things that use Ed25519” webpage https://ianix.com/pub/ed25519-deployment.html.

References

  1. American National Standards Institute: Public Key Cryptography For The Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), ANSI X9.62-2005 (2005)

    Google Scholar 

  2. Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: Theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)

    Article  Google Scholar 

  3. Barenghi, A., Bertoni, G.M., Breveglieri, L., Pelosi, G., Sanfilippo, S., Susella, R.: A fault-based secret key retrieval method for ECDSA: Analysis and countermeasure. ACM J. Emerg. Technol. Comput. Syst. 13(1), 8:1–8:26 (2016)

    Article  Google Scholar 

  4. Barenghi, A., Pelosi, G.: A note on fault attacks against deterministic signature schemes. In: Ogawa, K., Yoshioka, K. (eds.) IWSEC 2016. LNCS, vol. 9836, pp. 182–192. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44524-3_11

    Chapter  Google Scholar 

  5. Belaïd, S., Bettale, L., Dottax, E., Genelle, L., Rondepierre, F.: Differential power analysis of HMAC SHA-2 in the Hamming weight model. In: Samarati, P. (ed.) SECRYPT, pp. 230–241. IEEE (2013)

    Google Scholar 

  6. Bernstein, D.J.: Curve25519: new diffie-hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_14

    Chapter  Google Scholar 

  7. Bernstein, D.J., Chang, Y.-A., Cheng, C.-M., Chou, L.-P., Heninger, N., Lange, T., van Someren, N.: Factoring RSA keys from certified smart cards: Coppersmith in the wild. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 341–360. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42045-0_18

    Chapter  Google Scholar 

  8. Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-speed high-security signatures. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 124–142. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23951-9_9

    Chapter  Google Scholar 

  9. Bernstein, D.J., Josefsson, S., Lange, T., Schwabe, P., Yang, B.Y.: EdDSA for more curves. Cryptology ePrint Archive, Report 2015/677 (2015). http://eprint.iacr.org/2015/677

  10. Bernstein, D.J., Lange, T.: Faster addition and doubling on elliptic curves. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 29–50. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-76900-2_3

    Chapter  Google Scholar 

  11. Biehl, I., Meyer, B., Müller, V.: Differential fault attacks on elliptic curve cryptosystems. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 131–146. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44598-6_8

    Chapter  Google Scholar 

  12. Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052259

    Chapter  Google Scholar 

  13. Blömer, J., Otto, M., Seifert, J.-P.: Sign change fault attacks on elliptic curve cryptosystems. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.-P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 36–52. Springer, Heidelberg (2006). https://doi.org/10.1007/11889700_4

    Chapter  Google Scholar 

  14. Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of eliminating errors in cryptographic computations. J. Cryptol. 14(2), 101–119 (2001)

    Article  MathSciNet  MATH  Google Scholar 

  15. BSI: Minimum requirements for evaluating side-channel attack resistance of elliptic curve implementations (2016). http://www.bsi.bund.de/

  16. “Bushing”, Cantero, H., Boessenkool, S., Peter, S.: PS3 epic fail (2010). http://events.ccc.de/congress/2010/Fahrplan/attachments/1780_27c3_console_hacking_2010.pdf

  17. Ciet, M., Joye, M.: Elliptic curve cryptosystems in the presence of permanent and transient faults. Des. Codes Cryptograph. 36(1), 33–43 (2005)

    Article  MathSciNet  MATH  Google Scholar 

  18. Edwards, H.M.: A normal form for elliptic curves. Bull. Am. Math. Soc. 44, 393–422 (2007)

    Article  MathSciNet  MATH  Google Scholar 

  19. ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31, 469–472 (1985)

    Article  MathSciNet  MATH  Google Scholar 

  20. Fan, J., Verbauwhede, I.: An updated survey on secure ECC implementations: attacks, countermeasures and cost. In: Naccache, D. (ed.) Cryptography and Security: From Theory to Applications. LNCS, vol. 6805, pp. 265–282. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28368-0_18

    Chapter  Google Scholar 

  21. Fouque, P.A., Lercier, R., Réal, D., Valette, F.: Fault attack on elliptic curve Montgomery ladder implementation. In: FDTC 2008. pp. 92–98. IEEE Computer Society (2008)

    Google Scholar 

  22. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44709-1_21

    Chapter  Google Scholar 

  23. Gartner: Gartner says 8.4 billion connected “things” will be in use in 2017, up 31 percent from 2016. http://www.gartner.com/newsroom/id/3598917 (Feb 2017)

  24. Genkin, D., Valenta, L., Yarom, Y.: May the fourth be with you: A microarchitectural side channel attack on several real-world applications of Curve25519. In: ACM CCS 2017, pp. 845–858. ACM Press (2017). ePrint 2017/806. http://eprint.iacr.org/2017/806

  25. Gueron, S., Krasnov, V.: Fast prime field elliptic-curve cryptography with 256-bit primes. J. Cryptograph. Eng. 5(2), 141–151 (2015)

    Article  Google Scholar 

  26. Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.A.: Mining your Ps and Qs: Detection of widespread weak keys in network devices. In: USENIX Security Symposium, pp. 205–220. USENIX, Bellevue, WA (2012)

    Google Scholar 

  27. Joye, M., Tunstall, M. (eds.): Fault Analysis in Cryptography. Information Security and Cryptography. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29656-7

    MATH  Google Scholar 

  28. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_9

    Google Scholar 

  29. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25

    Google Scholar 

  30. Lenstra, A.K., Hughes, J.P., Augier, M., Bos, J.W., Kleinjung, T., Wachter, C.: Public keys. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 626–642. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_37

    Chapter  Google Scholar 

  31. M’Raïhi, D., Naccache, D., Pointcheval, D., Vaudenay, S.: Computational alternatives to random number generators. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 72–80. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48892-8_6

    Chapter  Google Scholar 

  32. National Institute of Standards and Technology: Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-4 (2013). http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf

  33. National Institute of Standards and Technology: Public Comments Received on FIPS 186–4: Digital Signature Standard (DSS) (2015). http://csrc.nist.gov/groups/ST/toolkit/documents/Comments-received-FIPS-186-4-Dec2015.pdf

  34. National Institute of Standards and Technology: SP 800–90A Rev. 1: Recommendation for Random Number Generation Using Deterministic Random Bit Generators (2015). http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf

  35. Nguyen, P.Q., Shparlinski, I.: The insecurity of the elliptic curve digital signature algorithm with partially known nonces. Des. Codes Cryptograph. 30(2), 201–217 (2003)

    Article  MathSciNet  MATH  Google Scholar 

  36. Perrin, T.: The XEdDSA and VXEdDSA signature schemes. Unpublished manuscript (Oct 2016). Revision 1. https://signal.org/docs/specifications/xeddsa/

  37. Poddebniak, D., Schinzel, S., Somorovsky, J., Lochter, M., Roesler, P.: Attacking deterministic signature schemes using fault attacks. In: EuroS&P 2018. IEEE Computer Society (to appear)

    Google Scholar 

  38. Pornin, T.: Deterministic usage of the digital signature algorithm (DSA) and elliptic curve digital signature algorithm (ECDSA). RFC 6979 (2013). https://tools.ietf.org/html/rfc6979

  39. Romailler, Y., Pelissier, S.: Practical fault attack against the Ed25519 and EdDSA signature schemes. In: FDTC 2017, pp. 17–24. IEEE Computer Society (2017)

    Google Scholar 

  40. Samwel, N., Batina, L., Bertoni, G., Daemen, J., Susella, R.: Breaking Ed25519 in WolfSSL. Cryptology ePrint Archive, Report 2017/985 (2017). http://eprint.iacr.org/2017/985

  41. Schmidt, J.M., Medwed, M.: A fault attack on ECDSA. In: Breveglieri, L., et al. (eds.) FDTC 2009, pp. 93–99. IEEE Computer Society (2009)

    Google Scholar 

  42. Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991)

    Article  MathSciNet  MATH  Google Scholar 

Download references

Acknowledgments

We would like to thank Laurie Genelle for her comments on an earlier version of this paper.

Author information

Authors and Affiliations

  1. NXP Semiconductors, Hamburg, Germany

    Christopher Ambrose, Björn Fay & Bruce Murray

  2. NXP Semiconductors, Leuven, Belgium

    Joppe W. Bos

  3. NXP Semiconductors, San Jose, CA, USA

    Marc Joye

  4. Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany

    Manfred Lochter

Authors
  1. Christopher Ambrose
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Joppe W. Bos
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Björn Fay
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Marc Joye
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Manfred Lochter
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Bruce Murray
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Joppe W. Bos or Marc Joye .

Editor information

Editors and Affiliations

  1. KU Leuven , Leuven, Belgium

    Nigel P. Smart

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ambrose, C., Bos, J.W., Fay, B., Joye, M., Lochter, M., Murray, B. (2018). Differential Attacks on Deterministic Signatures. In: Smart, N. (eds) Topics in Cryptology – CT-RSA 2018. CT-RSA 2018. Lecture Notes in Computer Science(), vol 10808. Springer, Cham. https://doi.org/10.1007/978-3-319-76953-0_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-76953-0_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-76952-3

  • Online ISBN: 978-3-319-76953-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation