Fault Cryptanalysis of ElGamal Signature Scheme
In this paper we examine the immunity of ElGamal signature scheme and its variants against fault cryptanalysis. Although such schemes have been already widely adopted, their resistance against fault cryptanalysis has not been verified in detail yet. However, at least some of them are not immune to fault cryptanalysis and can be broken without solving discrete logarithm problem. We will show that the selected signature schemes can be broken in O(nlog2n) steps if single bit-flip errors are inducted during computations. We also present two modifications that can be used to improve security of ElGamal scheme.
Unable to display preview. Download preview PDF.
- 1.Bao, F., Deng, R., Han, Y., Jeng, A., Narasimhalu, A.D., Ngair, T.-H.: Breaking Public Key Cryptosystems an Tamper Resistance Devices in the Presence of Transient Fault. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 115–124. Springer, Heidelberg (1998)CrossRefGoogle Scholar
- 2.Boneh, D., DeMillo, R.A., Lipton, R.J.: On the Importance of Checking Cryptographic Protocols for Faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)Google Scholar