A Note on Fault Attacks Against Deterministic Signature Schemes (Short Paper)

  • Alessandro Barenghi
  • Gerardo PelosiEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9836)


Providing sound and fault resilient signature schemes is of crucial importance for the realization of modern secure embedded systems. In this context, the use of standardized discrete logarithm signature primitives such as DSA and ECDSA has been proven frail with respect to failures in the RNG subsystem of a device, leading to the design of deterministic schemes. In this work we analyze the resistance of deterministic signature primitives to fault attacks. We devise an attack strategy relying on a relaxed fault model and show how to efficiently derive the secret key of the deterministic version of both DSA and ECDSA, employing a single correct-faulty signature pair, while we show that the EdDSA algorithm shows structural resistance against such attacks.


Elliptic Curve Signature Scheme Fault Model Fault Injection Input Message 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This work was supported in part by the EU grant awarded for the action “Safe Cooperating Cyber-Physical Systems using Wireless Communication – SafeCOP” (ECSEL JU 2015-RIA). Grant agreement no. 692529.


  1. 1.
    Barenghi, A., Bertoni, G.M., Breveglieri, L., Pelosi, G., Sanfilippo, S., Susella, R.: A fault-based secret key retrieval method for ECDSA: analysis and countermeasure. J. Emerg. Technol. Comput. Syst. 13(1) (2016)Google Scholar
  2. 2.
    Barenghi, A., Bertoni, G.M., Breveglieri, L., Pellicioli, M., Pelosi, G.: Fault attack on AES with single-bit induced faults. In: Sixth International Conference on Information Assurance and Security, IAS 2010, Atlanta, GA, USA, 23–25 August 2010. IEEE (2010)Google Scholar
  3. 3.
    Barenghi, A., Bertoni, G.M., Breveglieri, L., Pelosi, G.: A fault induction technique based on voltage underfeeding with application to attacks against AES and RSA. J. Syst. Softw. 86(7), 1864–1878 (2013)CrossRefGoogle Scholar
  4. 4.
    Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)CrossRefGoogle Scholar
  5. 5.
    Barenghi, A., Breveglieri, L., Koren, I., Pelosi, G., Regazzoni, F.: Countermeasures against fault attacks on software implemented AES: effectiveness and cost. In: 5th Workshop on Embedded Systems Security, WESS 2010. ACM (2010)Google Scholar
  6. 6.
    Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.: High-speed High-security Signatures. J. Cryptographic Eng. 2(2), 77–89 (2012)CrossRefzbMATHGoogle Scholar
  7. 7.
    El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Vitek, J., Naccache, D., Pointcheval, D., Vaudenay, S.: Computational alternatives to random number generators. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 72–80. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  9. 9.
    Pornin, T.: Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA). IETF RFC 6979 (2013)Google Scholar
  10. 10.
    Josefsson, S., Möller, N.: EdDSA and Ed25519 (2015).
  11. 11.
    Schmidt, J., Medwed, M.: A fault attack on ECDSA. In: FDTC 2009, pp. 93–99. IEEE CS (2009)Google Scholar
  12. 12.
    Schnorr, C.: Efficient signature generation by smart cards. J. Cryptology 4(3), 161–174 (1991)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Department of Electronics, Information and Bioengineering – DEIBPolitecnico di MilanoMilanoItaly

Personalised recommendations