Improved Fault Analysis of Signature Schemes

  • Christophe Giraud
  • Erik W. Knudsen
  • Michael Tunstall
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6035)


At ACISP 2004, Giraud and Knudsen presented the first fault analysis of DSA, ECDSA, XTR-DSA, Schnorr and ElGamal signatures schemes that considered faults affecting one byte. They showed that 2304 faulty signatures would be expected to reduce the number of possible keys to 240, allowing a 160-bit private key to be recovered. In this paper we show that Giraud and Knudsen’s fault attack is much more efficient than originally claimed. We prove that 34.3% less faulty signatures are required to recover a private key using the same fault model. We also show that their original way of expressing the fault model under a system of equations can be improved. A more precise expression allows us to obtain another improvement of up to 47.1%, depending on the values of the key byte affected.


Fault analysis Signature schemes Smart card 


  1. 1.
    Bao, F., Deng, R., Han, Y., Jeng, A., Narasimhalu, A.D., Ngair, T.-H.: Breaking Public Key Cryptosystems an Tamper Resistance Devices in the Presence of Transient Fault. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 115–124. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  2. 2.
    Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The Sorcerer’s Apprentice Guide to Fault Attacks. IEEE 94(2), 370–382 (2006)CrossRefGoogle Scholar
  3. 3.
    Bellcore. New Threat Model Breaks Crypto Codes. Press Release (September 1996)Google Scholar
  4. 4.
    Biham, E., Shamir, A.: Differential Fault Analysis of Secret Key Cryptosystem. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)Google Scholar
  5. 5.
    Boneh, D., DeMillo, R., Lipton, R.: On the Importance of Checking Cryptographic Protocols for Faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)Google Scholar
  6. 6.
    Dottax, E.: Fault Attacks on NESSIE Signature and Identification Schemes. Technical report, NESSIE (October 2002)Google Scholar
  7. 7.
    ElGamal, T.: A Public-Key Cryptosystems and a Signature Scheme based on Discret Logarithms. IEEE Transaction on Information Theory 31(4), 172–469 (1985)Google Scholar
  8. 8.
    FIPS PUB 186-3. Digital Signature Standard. National Institute of Standards and Technology, Draft (March 2006)Google Scholar
  9. 9.
    Giraud, C., Knudsen, E.: Fault Attacks on Signature Schemes. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 478–491. Springer, Heidelberg (2004)Google Scholar
  10. 10.
    Giraud, C., Thiebeauld, H.: A Survey on Fault Attacks. In: Quisquater, J.-J., Paradinas, P., Deswarte, Y., Kalam, A.E. (eds.) Smart Card Research and Advanced Applications VI – CARDIS 2004, pp. 159–176. Kluwer Academic Publishers, Dordrecht (2004)CrossRefGoogle Scholar
  11. 11.
    Joye, M., Lenstra, A., Quisquater, J.-J.: Chinese Remaindering Based Cryptosystems in the Presence of Faults. Journal of Cryptology 12(4), 241–245 (1999)MATHCrossRefGoogle Scholar
  12. 12.
    Joye, M., Quisquater, J.-J., Bao, F., Deng, R.: RSA-type Signatures in the Presence of Transient Faults. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 155–160. Springer, Heidelberg (1997)Google Scholar
  13. 13.
    Lenstra, A.: Memo on RSA Signature Generation in the Presence of Faults. Manuscript (1996)Google Scholar
  14. 14.
    Lenstra, A., Verheul, E.: An Overview of the XTR Public Key System. In: Alster, K., Urbanowicz, J., Williams, H. (eds.) Public Key Cryptography and Computational Number Theory, de Gruyter, pp. 151–180 (2000)Google Scholar
  15. 15.
    Naccache, D., Nguyen, P., Tunstall, M., Whelan, C.: Experimenting with Faults, Lattices and the DSA. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 16–28. Springer, Heidelberg (2005)Google Scholar
  16. 16.
    Saha, D., Mukhopadhyay, D., RoyChowdhury, D.: A Diagonal Fault Attack on the Advanced Encryption Standard. Cryptology ePrint Archive, Report 2009/581 (2009),
  17. 17.
    Schnorr, C.: Efficient Identification and Signatures for Smart Cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Christophe Giraud
    • 1
  • Erik W. Knudsen
    • 2
  • Michael Tunstall
    • 3
  1. 1.Oberthur TechnologiesPessacFrance
  2. 2.Alm. BrandKøbenhavn ØDenmark
  3. 3.Department of Computer ScienceUniversity of BristolBristolUnited Kingdom

Personalised recommendations