DSA Signature Scheme Immune to the Fault Cryptanalysis

  • Maciej Nikodem
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5189)


In this paper we analyse the Digital Signature Algorithm (DSA) and its immunity to fault cryptanalysis that takes advantage of errors induced into the private key a. We focus on the DSA scheme because it is widely adopted by the research community and is known to be vulnerable to this type of attack, yet no sound and effective modification that improves its immunity has been proposed. We propose a new way of implementing the DSA that enhances its immunity in the presence of faults. Our proposal ensures that inducing errors into the private key gives the attacker no benefit: erroneous signatures reveal no information about the private key. The overhead of our proposal is similar to that of the obvious countermeasure based on verifying each signature before output; however, our modification raises fewer security issues.
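The attack class the abstract refers to, as an added worked example (this is not the paper's scheme and not code from the author): a toy DSA in which one bit of the private key is flipped while a signature is computed, the well-known observation (Bao et al., 1997; Boneh, DeMillo and Lipton, 1997) that the resulting faulty signature verifies under the public key shifted by g^(±2^j) and therefore leaks the position and value of that bit, and the "obvious" verify-before-output countermeasure the abstract compares against. The 16-bit prime q = 65521, the derived p and g, the seeds and the message are assumptions chosen for illustration; the private key is called x here rather than the paper's a.

```python
import hashlib
import random


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy parameter sizes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def toy_params(q: int = 65521):
    """Toy DSA domain parameters: prime q, prime p = k*q + 1, g of order q mod p.
    Assumption: q = 65521 (16 bits) -- far too small for real use."""
    assert is_prime(q)
    k = 2
    while not is_prime(k * q + 1):
        k += 2
    p = k * q + 1
    for h in range(2, p):
        g = pow(h, (p - 1) // q, p)
        if g != 1:
            return p, q, g
    raise ValueError("no element of order q found")


P, Q, G = toy_params()


def hash_to_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def keygen(rng: random.Random):
    x = rng.randrange(1, Q)                 # private key
    return x, pow(G, x, P)                  # (x, y = g^x mod p)


def sign(x: int, msg: bytes, rng: random.Random):
    h = hash_to_int(msg)
    while True:
        k = rng.randrange(1, Q)             # per-signature nonce
        r = pow(G, k, P) % Q
        s = (pow(k, -1, Q) * (h + x * r)) % Q
        if r != 0 and s != 0:
            return r, s


def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = (hash_to_int(msg) * w) % Q
    u2 = (r * w) % Q
    return (pow(G, u1, P) * pow(y, u2, P) % P) % Q == r


def sign_with_key_fault(x: int, msg: bytes, bit: int, rng: random.Random):
    """Fault model: the signer uses its private key with bit `bit` flipped."""
    return sign(x ^ (1 << bit), msg, rng)


def recover_bit(y: int, msg: bytes, faulty_sig):
    """Attacker's side, public data only: a signature made under x' = x +/- 2^j
    verifies under y' = y * g^(+/-2^j). Trying every j identifies the flipped
    bit and its original value."""
    for j in range(Q.bit_length()):
        d = pow(G, 1 << j, P)
        if verify((y * d) % P, msg, faulty_sig):
            return j, 0                     # x' = x + 2^j: bit j of x was 0
        if verify((y * pow(d, -1, P)) % P, msg, faulty_sig):
            return j, 1                     # x' = x - 2^j: bit j of x was 1
    return None


def signer_with_check(x, y, msg, bit, rng):
    """The 'obvious' countermeasure: verify before output, release nothing on mismatch."""
    sig = sign(x, msg, rng) if bit is None else sign_with_key_fault(x, msg, bit, rng)
    return sig if verify(y, msg, sig) else None


def attack_demo(seed: int = 7) -> bool:
    """Flip each key bit in turn; True if every faulty signature fails genuine
    verification and yet lets the attacker recover that bit."""
    rng = random.Random(seed)
    x, y = keygen(rng)
    msg = b"constructed sample message"     # constructed input
    for bit in range(Q.bit_length()):
        faulty = sign_with_key_fault(x, msg, bit, rng)
        if verify(y, msg, faulty) or recover_bit(y, msg, faulty) != (bit, (x >> bit) & 1):
            return False
    return True


def countermeasure_demo(seed: int = 7):
    """Returns (signature released without fault, signature released with a fault in bit 3)."""
    rng = random.Random(seed)
    x, y = keygen(rng)
    msg = b"constructed sample message"
    return signer_with_check(x, y, msg, None, rng), signer_with_check(x, y, msg, 3, rng)


if __name__ == "__main__":
    print("every key bit recovered from one faulty signature:", attack_demo())
    print("verify-before-output releases (good, faulty):", countermeasure_demo())
```

With a real 160- to 256-bit q the search in recover_bit is still only 2|q| verifications per faulty signature, so one fault per key bit recovers the whole key. The verify-before-output check doubles the signing cost and, as the abstract's comparison implies, is not the end of the story: the check is a single comparison, so a device that can be faulted once can often be faulted a second time to skip it.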





Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Maciej Nikodem, The Institute of Computer Engineering, Control and Robotics, Wrocław University of Technology, Wrocław, Poland
