Differential Fault Attacks on Elliptic Curve Cryptosystems

Extended Abstract
  • Ingrid Biehl
  • Bernd Meyer
  • Volker Müller
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1880)


In this paper we extend the ideas for differential fault attacks on the RSA cryptosystem (see [4]) to schemes using elliptic curves. We present three different types of attacks that can be used to derive information about the secret key if bit errors can be inserted into the elliptic curve computations in a tamper-proof device. The effectiveness of the attacks was proven in a software simulation of the described ideas.

Key words

Elliptic Curve Cryptosystem Differential Fault Attack 


  1. 1.
    R. J. Anderson and M. G. Kuhn: Tamper Resistance-a Cautionary Note, Pro ceedings of Second USENIX Workshop on Electronic Commerce 1996, pp. 1–11.Google Scholar
  2. 2.
    R. J. Anderson and M. G. Kuhn: Low Cost Attacks on Tamper Resistant Devices, Lecture Notes in Computer Science 1361, Proceedings of International Workshop on Security Protocols 1997, Springer, pp. 125–136.Google Scholar
  3. 3.
    E. Biham and A. Shamir: Differential Fault Analysis of Secret Key Cryptosystems, Lecture Notes of Computer Science 1294, Proceedings of CRYPTO’97, Springer, pp. 513–525.Google Scholar
  4. 4.
    D. Boneh, R. A. DeMillo, and R. J. Lipton: On the Importance of Checking Cryptographic Protocols for Faults, Lecture Notes of Computer Science 1233, Proceedings of EUROCRYPT’97, Springer, pp. 37–51.Google Scholar
  5. 5.
    M. Burmester: A Remark on the Efficiency of Identification Schemes, Lecture Notes of Computer Science 473, Proceedings of EUROCRYPT’90, Springer, pp. 493–495.Google Scholar
  6. 6.
    I. Connell: Elliptic Curve Handbook, Preprint, 1996.Google Scholar
  7. 7.
    IEEE P1363 Draft Version 12: Standard Specifications for Public Key Cryptography, available on the Homepage of the IEEE.Google Scholar
  8. 8.
    O. Kömmerling and M. G. Kuhn: Design Principles for Tamper-Resistant Smartcard Processors, Proceedings of USENIX Workshop on Smartcard Technology 1999, pp. 9–20.Google Scholar
  9. 9.
    H. W. Lenstra: Factoring Integers with Elliptic Curves, Annals of Mathematics, 126 (1987), pp. 649–673.CrossRefMathSciNetGoogle Scholar
  10. 10.
    C. H. Lim and P. J. Lee: A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroup, Lecture Notes of Computer Science 1294, Proceedings of CRYPTO’97, Springer, pp. 249–263.Google Scholar
  11. 11.
    A. Menezes: Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers, 1993.Google Scholar
  12. 12.
    S. Pohlig and M. Hellman: An Improved Algorithm for Computing Logarithms over GF(p) and its Cryptographic Significance, IEEE Transactions on Information Theory, vol. 24 (1978), pp. 106–110.zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    J. H. Silverman: The Arithmetic of Elliptic Curves, Graduate Texts in Mathematics 106, Springer 1986.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Ingrid Biehl
    • 1
  • Bernd Meyer
    • 2
  • Volker Müller
    • 3
  1. 1.Computer Science DepartmentUniversity of TechnologyDarmstadtGermany
  2. 2.Siemens AG, Corporate TechnologyMünchenGermany
  3. 3.Universitas Kristen Duta WacanaYogyakartaIndonesia

Personalised recommendations