A Note on Fault Attacks Against Deterministic Signature Schemes (Short Paper)
Providing sound and fault-resilient signature schemes is of crucial importance for the realization of modern secure embedded systems. In this context, standardized discrete logarithm signature primitives such as DSA and ECDSA have proven frail with respect to failures in the RNG subsystem of a device, which led to the design of deterministic schemes. In this work we analyze the resistance of deterministic signature primitives to fault attacks. We devise an attack strategy relying on a relaxed fault model and show how to efficiently derive the secret key of the deterministic versions of both DSA and ECDSA from a single correct-faulty signature pair. We also show that the EdDSA algorithm exhibits structural resistance against such attacks.
Keywords: Elliptic Curve; Signature Scheme; Fault Model; Fault Injection; Input Message
This work was supported in part by the EU grant awarded for the action “Safe Cooperating Cyber-Physical Systems using Wireless Communication – SafeCOP” (ECSEL JU 2015-RIA). Grant agreement no. 692529.