Fault Cryptanalysis of ElGamal Signature Scheme

  • Janusz Biernat
  • Maciej Nikodem
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3643)


In this paper we examine the immunity of ElGamal signature scheme and its variants against fault cryptanalysis. Although such schemes have been already widely adopted, their resistance against fault cryptanalysis has not been verified in detail yet. However, at least some of them are not immune to fault cryptanalysis and can be broken without solving discrete logarithm problem. We will show that the selected signature schemes can be broken in O(nlog2n) steps if single bit-flip errors are inducted during computations. We also present two modifications that can be used to improve security of ElGamal scheme.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bao, F., Deng, R., Han, Y., Jeng, A., Narasimhalu, A.D., Ngair, T.-H.: Breaking Public Key Cryptosystems an Tamper Resistance Devices in the Presence of Transient Fault. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 115–124. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  2. 2.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the Importance of Checking Cryptographic Protocols for Faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)Google Scholar
  3. 3.
    Giraud, C., Knudsen, E.: Fault Attacks on Signature Schemes. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 478–491. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Koblitz, N.: A Course in Number Theory and Cryptography. Springer, New York (1994) ISBN 83-204-1836-4MATHCrossRefGoogle Scholar
  5. 5.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996) ISBN 0-8493-8523-7CrossRefGoogle Scholar
  6. 6.
    Yen, S., Joye, M.: Checking Before Output May Not Be Enough against fault-based cryptanalysis. IEEE Transactions on Computers 49(9), 967–970 (2000)CrossRefGoogle Scholar
  7. 7.
    Yen, S., Kim, S., Lim, S., Moon, S.: RSA Speedup with Chinese Reminder Theorem Immune Against Hardware Fault Cryptanalysis. IEEE Transactions on Computers 52(4), 461–472 (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Janusz Biernat
    • 1
  • Maciej Nikodem
    • 1
  1. 1.Institute of Engineering CyberneticsWrocław University of TechnologyWrocławPoland

Personalised recommendations